II.BOB.Development Network Application based on Java Servlets. Men ushbu bitiruv oldi amaliyot davomida bitiruv malakaviy ishimga kerakli quyidagi ma’lumotlarni to’pladim:
CHAPTER I. INTRODUCTION TO WEB APPLICATION DEVELOPMENT. 1.1. A brief introduction to Java Servlets and JSP Java Servlets is a J2EE specification. The Servlet framework provides a basic API for implementing web applications in the Java programming language. Java Servlets separate handling of the GET and POST request methods into two different Java methods (doGet and doPost respectively). According to the HTTP specification GET requests are cachable and cannot have side effects. The Servlet framework does not enforce this but it makes it possible to write a Servlet that returns a view of the current server state from the doGet method and received requests that may update the state through the doPost method.
Dispatcher: The dispatcher is explicitly configured through a web.xml file or alternatively through Java annotations that map URLs to servlet classes. The basic unit is classes and to handle requests, each servlet class implements methods corresponding to each of the HTTP request methods (GET, POST, PUT etc.).
Decoder: The decoder is pull based and makes a request parameter map from names to values available to the web application programmer through an argument to the servlet method. Compared to PHP, Java Servlets abstract away the difference between the request methods and make all request parameters available through the same API methods on the HttpServletRequest class.
Generator: Similarly to PHP, the generator is stream based and offers no representation of the structure of the output. Since no template language is available in the Servlet framework, methods on the generator are explicitly called with string fragments of the desired output as arguments.
Store: The Servlet framework provides three scopes of untyped store: application, session, and request. The store is made available through maps from strings to objects and it is up to the programmer to ensure that the objects are of correct types. Furthermore, it is possible to create fields in servlet classes. Only one servlet class instance is created per declaration in the web.xml file, so such fields are essentially a way to store typed, application scoped data.
Similarly to PHP, page one of the example application is implemented as a static HTML file. Java Servlet example with the sole exception that the value of the action attribute of the form is replaced by the value servlets/SayHello. The implementation of page two of the application is presented in Figure 1.1. The page is implemented as a servlet class and the parameter is received pull-style through to call to getParameter. The program sends output to the client by calling the print method on the HttpServletResponse.getWriter. As can be seen in Figure 1.1, Java Servlets have a significant syntactic overhead for writing typical HTML templates to the client. This results in programs that are significantly larger than equivalent PHP programs and Java Servlets are not often used exclusively for programming the server side of a web application. The Java Servlet framework is often used as a basis for implementing other frameworks that may replace all the components of the Servlet framework.
Figure 1.1. A Java Servlet application similar to the PHP application.
Safety in servlet applications Similarly to PHP, the Java Servlet framework leaves it to the programmer to make sure that the application is not vulnerable to the most common web application attacks. The Servlet framework does not contain a database API. It relies on the Java Persistence API which makes prepared statements and escaping methods available. The framework is not safe by default against the typical web application vulnerabilities. The generator requires the programmer to escape values before appending to the stream and the framework does not help the programmer to avoid client-state manipulation attacks. The Java Servlets framework offers no features for ensuring output validity.
Java Server Pages JSP Java Server Pages (JSP) is an extension to the Servlet framework and is also described by a J2EE specification. JSP is highly inspired by PHP and attempts to add some of the syntactic convenience of PHP to Java Servlets.
Dispatcher: Each JSP file is compiled into a Servlet but the JSP and Servlet frameworks differ on a few central points: The dispatcher is implicitly configured in that each JSP file is invoked by using the file name of the JSP file as the URL. As in PHP, the basic unit is the file. The generated class is never visible to the programmer.
Decoder: JSP allows the programmer to use the same decoder API as in the Java Servlet framework. Furthermore, parameters can also be fetched from the templates through the use of the JSTL Expression Language (EL).
Generator: JSP replaces the generator of Java Servlets with a template DSL that allows the programmer to write snippets of HTML templates intermixed with Java program code. This results in a syntax for writing data to the output stream that will feel familiar to PHP programmers. As part of the template language, JSP provides a tag mechanism that allows the programmer to define tags. When encountered in the flow, these tags result in calls to Java code, and they allow the JSP files themselves to be free of embedded Java code.
Store: The store of JSP is the same as for the Servlet framework. An extra scope is added, the page scope in which values only exist throughout the execution of the JSP page. As in the Servlet framework, for JSP it is possible to store data in fields of the generated servlet class.
