Chapter 13: Servlets

13.1 Servlets
“SERVLETS ARE JAVA PROGRAMS THAT CAN BE DEPLOYED ON JAVA
ENABLED WEB SERVER TO ENHANCE AND EXTEND THE FUNCTIONALITY
OF THE WEB SERVER.”

Servlets can also be used to add dynamic content to web pages.

Java Servlets are server side components that provides a powerful mechanism
for developing server side of web application. Earlier CGI was developed to
provide server side capabilities to the web application. Although CGI played a
major role in the explosion of the Internet, its performance, scalability and
reusability issues make it less than optimal solutions. Java Servlets changes all
that. These provide excellent framework for server side processing.

Servlet provide component-based, platform-independent methods for building

Web-based applications, without the performance limitations of CGI programs.

Servlets are not designed for a specific protocols. It is different thing that they
are most commonly used with the HTTP protocols.

HTTP Servlet typically used to:

Provide dynamic content like getting the results of a database query and
returning to the client.
Process and/or store the data submitted by the HTML.
Manage information about the state of a stateless HTTP. For example, an
online shopping car manages request for multiple concurrent customers.

13.2 Advantages of Servlets

Java Servlets have a number of advantages over CGI and other API’s. They are:

Platform Independence: Java Servlets are 100% pure Java, so it is

platform independent. It can run on any Servlet enabled Web server.
Performance: Due to interpreted nature of Java, programs written in Java
are slow. But the java servlets runs very fast. These are due to the way
servlets run on web server. For any program initialization takes significant
amount of time. But in case of servlets initialization takes place very first
time it receives a request and remains in memory till times out or server
shut downs. After servlet is loaded, to handle a new request it simply
creates a new thread and runs service method of servlet.
 Servlets
Extensibility: Java Servlets are developed in Java which is robust, well-
designed and object-oriented language which can be extended or
polymorphed into new objects. So the Java servlets can be extended from
existing class to provide the ideal solutions.
Safety: Java provides a very good safety features like memory
management, exception handling, etc. Servlets inherits all these features
and emerged as a very powerful web server extension.
Secure: Servlets are server side components, so it inherits the security
provided by the web server. Servlets are also benefited with Java Security
Manager.

13.3 Characteristics of Servlets

Servlets can be used to develop a variety of web-based applications. The
characteristics of Servlets that have gained them a wide spread acceptance
are as follows:

Servlets are Efficient. The initialization code for servlet is executed only
when the servlet is executed for the first time. Subsequently, the requests
that are received by the servlets are processed by its service() method.
This helps to increase the efficiency of the server by avoiding creation of
unnecessary processes.
Servlets are Robust. As servlets are based on Java, they provide all the
powerful features of Java, such as exception handling, and garbage
collection, which makes them robust.
Servlets are Portable. Servlets are portable because they are developed
in Java. This enables easy portability across web servers.
Servlets are Persistent. Servlets helps to increase the performance of
the system by preventing frequent disk access.

13.4 Servlets and Applets

Applets Servlets
Applets are Java programs that As Servlets executed on the web
are embedded in Web pages. server, they help overcome
When a web page containing problems with download time
an applet is opened the byte faced while using applets.
code of the applet is Servlets do not require the
downloaded to the client browser to be Java enabled
computer. This process unlike applets because they
becomes time consuming if execute on web server and
the size of applet is too large. the results are sent back to
the client or browser.
 Servlets

13.5 Lifecycle of Servlets

A Servlets is loaded only once in the memory and is initialized in the init()
method.

After the servlet is initialized it starts accepting requests from the client and
processes them through the service() method till it shutdown by the destroy()
method.

The service() method is executed for every incoming request.

The lifecycle of a servlet is depicted below:

Init( )

Request
Service(
Client )
(Browser)

Response
Destroy(
)

Lifecycle of Servlet

13.6 J2EE (Java 2 Enterprise Edition)

Java 2 Enterprise Edition (J2EE) is a set of specifications that defines the
standard for creating distributed objects.

J2EE also specifies how these technologies can be integrated to provide a

complete solution.

It is also a standard architecture that defines a multi-tier programming model.

The Java 2 Servlet Development Kit (J2SDK), Enterprise Edition (J2EE) server is
a product from Sun Microsystems that is based on the J2EE.
 Servlets
The J2EE server is used to deploy servlets and JSP files and enables users to
access the same by implementing appropriate security.

13.7 Deploying a Servlet

For a servlet or a html page (that might contain a link to servlet) to be
accessible from client, first it has to be deployed on the web server. Servlet can
be deployed in:

Java Web Server (JWS)

JRun
Apache

JWS is a web server from Sun Microsystems that is developed based on the
servlet technology and can be used to deploy servlets.

JRun and apache can also be used to deploy servlets. JRun is a Java application
server which is a product of live software. JRun provides a high performance,
scalable solution for creating and delivering enterprise applications. The other
website technologies that can be deployed in JRun are Java Server Pages and
Enterprise Java Beans.

Apache is a web server from an organization called Apache that can be used to
deploy servlets. Few features of Apache that have made it popular are its freely
distributed code, robustness and security that is offered.

13.8 Servlet API and Servlet Packages

Java Servlet API contains two core packages:

javax.servlet
javax.servlet.http

Servlets implement the javax.servlet.Servlet interface. The javax.servlet

package contains the generic interfaces and classes that are implemented and
extended by all servlets.

While the javax.servlet.http package contains the classes that are used when
developing HTTP-specific servlets. The HttpServlet is extended from
GenericServlet base class and it implements the Servlet interface. HttpServlet
class provides a framework for handling the HTTP requests.

13.8.1 Javax.Servlet Package

 Servlets
The javax.servlet Servlet interface provides the general framework for creating
a servlet. A servlet can directly implement this interface or indirectly the same
by extending javax.servlet.GenericServlet or the javax.servlet.http.HttpServlet
classes.

The GenericServlet class of the javax.servlet package is used to create

servlets that work with any protocol.

The javax.servlet.http package is used to create HTTP Servlets that provide

the output in the form of HTML pages.

The class that is used to create HTTP servlets is called HTTPServlet and is
derived from the GenericServlet class.

THE ARCHITECTURE OF SERVLET PACKAGE

Servlet

Generic Servlet

HttpServlet (Class)-this class will be extended to handle GET/PUT HTTP

requests

MyServlet

13.8.2 HTTP Package

HTTP is a simple, stateless protocol. A client such as a web browser makes a
request, the web server responds, and the transaction is done. When the client
sends a request, the first thing it specifies is an HTTP command called a
method, that tells the server the type of action it wants to be performed. This
first line of request also specifies the address of a document (URL) and the
version of the HTTP protocol it is using. For example:

GET/intro.html HTTP/1.0

This request uses the GET method to ask for the document named intro.html,
using HTTP version 1.0.

GET and POST

When a client connects to a server and makes an HTTP request, the request
can be of several different types called methods. The most frequently used
methods are GET and POST. The GET method is designed for getting
information (document, a chart or the results from a database query). While
the POST method is designed for posting information.
 Servlets

13.9 Creating Servlet

To create a servlet following steps should be followed:

Step-1 Identify the mechanism

Step-2 Identify the classes to be used

Step-3 Identify the methods to be used

Step-4 Write and compile the servlet

Step-5 Deploy the servlet

Step-6 Execute the servlet.

13.10 Security Issues

Security is the science of keeping sensitive information in the hands of
authorized users. On the web, this boils down to four important issues:

Authentication. Being able to verify the indentification of the parties

involved.
Authorization. Limited access to resources to a selective set of users or
programs.
Confidentiality. Ensuring that only the parties involved can understand
the communication.
Integrity. Being able to verify that the context of the communication is not
changed during transmission.

Authentication, authorization, confidentiality and integrity are all linked by

digital certificate technology.

Digital certificate allow web server, and clients to use advanced cryptographic
techniques to handle identification and encryption in a secure manner.

Authentication can be of any one of two or both:

HTTP authentication: User name and password protection.

Form based authentication: Unauthorized access to the form is
protected.