java

TALENTSPRINT | © Copyright 2015

Java

Course: Developing Presentation Tier of an Enterprise Application

using JSP

Session: ServletConfig, ServletContext, HTTPSession


ServletConfig, ServletContext, HTTPSession

By the end of this session, you will be able to understand:

• ServletContext Interface

• Advantage of ServletContext

• Example of ServletContext

• ServletConfig Interface

• Advantage of ServletConfig

• Example of ServletConfig

• HTTP and Session Management

• Web Container Session

• Obtaining Session object

• Setting Information to the Session

• Getting information from Session

• Deleting Session from Session

• Invalidating Session



Consider a situation when database connection coding has to be modified in several servlets

Oh! So much time is getting wasted in

changing all these servlet code

ServletContext and ServletConfig



Servlet API should provide something to avoid duplicate coding.

Then how to simplify this??




WEB-INF

classes

lib

Solution is to use




ServletContext

MyWebSite

WEB-INF

classes

lib

Main Path or Root Path is “MyWebSite”.

“MyWebSite” could be accessed by ServletContext interface object.

ServletContext object is global to the web application.

ServletContext is created at the time of web application is deployed by the Container.

As long as web application is executing scope of ServletContext object will be available.

Only one object per web application will be created.




ServletContext Advantages

MyWebSite

WEB-INF

classes

lib

We can pass same information to all servlets.

For example Database connection.

Global parameters are passed through web.xml.

<context-param> tag under <web-app> will provide global parameters.

Change in <context-param> will effect to the web application.

We can write many <context-param> tag to provide multiple global parameters.




The ServletContext API




• ServletContext is a interface which helps us to communicate with the servlet container

• There is only one Servlet Context for the entire web application and the components of the web application can share it.

Getting Context Parameter Names


• First of all the web container reads the deployment descriptor file and then creates a name/value pair for each <context-param> tag.

• After creating the name/value pair it creates a new instance of ServletContext.

• Its the responsibility of the Container to give the reference of the ServletContext to the context init parameters.

• The servlet and jsp which are part of the same web application can have the access of the ServletContext.

Web application initialization:



<web-app>

.........

.........

<context-param>

<param-name>Company</param-name>

<param-value>TalentSprint</param-value>

</context-param>

<context-param>

<param-name>Address</param-name>

<param-value>IIIT Campus</param-value>

</context-param>

.........

.........

</web-app>


Context Parameter Names in web.xml



public class GettingContextParameterNames extends HttpServlet {

private String cnm = "";

private String address = "";

public void init(ServletConfig config) throws ServletException {

super.init(config);

ServletContext context = getServletContext();

cnm = context.getInitParameter("company");

address = context.getInitParameter("address");

}

public void doGet(HttpServletRequest req, HttpServletResponse

res)

throws IOException {

ServletOutputStream out = res.getOutputStream();

res.setContentType("text/html");

out.println("Company Name: " + cnm);

out.println("Address: " + address);

}

}


Read Context Parameter Names in Servlet



Perfect, But if I want to do with single servlet or some servlets?

Umm! Let me check again Servlet API, there should be

some interface or class




MyWebSite

WEB-INF

classes

lib

It is initialized by the Container

It is used to initialize a single servlet using init() method.

We can pass initialization parameters to a servlet using web.xml file.

Only one ServletConfig object per servlet will be created.

public void

init(ServletConfig sc)

throws ServletException{

super.init(sc);

}

Solution is to use

<param-name> and <param-value> tags under servlet will provide servlet wide parameters.




<web-app>

.........

.........

<servlet>

<init-param>

<param-name>Admin</param-name>

<param-value>TalentSprint</param-value>

</init-param>

</servlet>

.........

.........

</web-app>


Init Parameter Names in web.xml



public class GettingInitParameterNames extends HttpServlet {

private String admin = "";

public void init(ServletConfig config) throws

ServletException {

super.init(config);

admin = config.getInitParameter("Admin");

}

public void doGet(HttpServletRequest req, HttpServletResponse

res)

throws IOException {

ServletOutputStream out = res.getOutputStream();

res.setContentType("text/html");

out.println("Admin Name: " + admin);

}

}


Read Init Parameter Names in Servlet



• A ServletContext object is the runtime representation of the web application

• It is a window for a servlet to view it's environment

• A servlet can use this interface to get information such as initialization parameters for the web application or servlet container's version

• Every web application has one and only one ServletContextand is accessible to all active resource of that application.

• ServletConfig is related a specific Servlet

• ServletConfig consists all init parameters from web.xml file related to that servlet


ServletContext and ServleConfig Interfaces




ServletContext and ServleConfig Interfaces



• ServletContext Defines a set of methods that a servlet uses to communicate with its servlet container.

• ServletConfig is a servlet configuration object used by a servlet container used to pass information to a servlet during initialization. All of its initialization parameters can ONLY be set in deployment descriptor

• The ServletConfig parameters are specified for a particular servlet and are unknown to other servlets.

• The ServletContext parameters are specified for an entire application outside of any particular servlet and are available to all the servlets within that application.

• ServletContext has a APPLICATION SCOPE .. [GLOBALLY ACCESSIBLE ACROSS THE PAGES] where as ServletConfig has a SESSION SCOPE.. [LOCAL SCOPE......which is mostly used for intialising purpose].

Difference Between ServletContext and ServletConfig



Internet

Let us understand how HTTP(Hyper Text Transfer Protocol) works

Request Response

For every new request made by the client, server generates a new response

Session Management



So what is the problem if HTTP generates a new response always ?

It immediately forgets about previous page contents

So What ?

Session Management



Alone HTTP will not be able to maintain shopping cart like this

Because HTTP is a stateless protocol

Session Management



Ok I amtaking your order

Using Session

Client can talk with the server

This is known as Conversational state with the server

Take this ID(123) to place orders

Server remember whatever client says

Session Management



HTTP and Session Management

• HTTP is a stateless protocol.

• Each request and response message connection is independent of all others.

• Therefore, the web container must create a mechanism to store session information for a particular user.



Web Container Sessions

The web container can keep a session object for each user:



Using Session Management in a Web Application

• Each activity-specific action must store attributes (name/object pairs) that are used by other requests within the session.

• Any action can access an attribute that has already been set by processing a previous request.

• At the end of the session, the action might destroy the session object.

Using session management



Session API

• Your action controller accesses the session object through the request object.

• You can store and access any number of objects in the session object.



Storing Session Attributes

• Get session object using getSession() method of HttpServletRequest interface

• HttpSession session = request.getSesison();

• Add attribute in session:

Session.setAttribute(“suser”, user);

− suser: session attribute name

− user: variable which you want to store as session



• Get session object using getSession() method of HttpServletRequest interface

• HttpSession session = request.getSesison();

• Get attribute from session:

Session.getAttribute(“suser”);

− suser: session attribute name

Storing Session Attributes



Destroying the Session

• You can control the lifespan of all sessions using the deployment descriptor:

</web-app>

• You can control the lifespan of a specific session object using the following APIs:

«interface»HttpSession

invalidate()getCreationTime() :longgetLastAccessedTime() :longgetMaxInactiveInterval() :intsetMaxInactiveInterval(int)



• Session objects can be shared across multiple actions (for different use cases) within the same web application.

• Session objects are not shared across multiple web applications within the same web container.

• Destroying a session using the invalidate method might cause disruption to other servlets (or use cases).

Destroying the Session



Using Cookies for Session Management

• Cookies are sent in a response from the web server.

• Cookies are stored on the client’s computer.

• Cookies are stored in a partition assigned to the web server’s domain name. Cookies can be further partitioned by a path within the domain.

• All cookies for that domain (and path) are sent in every request to that web server.

• Cookies have a lifespan and are flushed by the client browser at the end of that lifespan.

IETF RFC 2109 creates an extension to HTTP to allow a web server to store information on the client machine:



Cookie API



Using Cookies Example

String name = request.getParameter("firstName");

Cookie c = new Cookie("yourname", name);

response.addCookie(c);

The code to store a cookie in the response:

Cookie[] allCookies = request.getCookies();

for ( int i=0; i < allCookies.length; i++ ) {

if ( allCookies[i].getName().equals(“yourname”) ) {

name = allCookies[i].getValue();

}

}

The code to retrieve a cookie from the request:



Performing Session Management Using Cookies

• The cookie mechanism is the default session management strategy.

• There is nothing special that you code in your servlets to use this session strategy.

• Unfortunately, some users turn off cookies on their browsers.



Using URL-Rewriting for Session Management

• URL-rewriting is used when cookies cannot be used.

• The server appends extra data on the end of each URL.

• The server associates that identifier with data it has stored about that session.

• With this URL:

http://host/path/file;jsessionid=123 session information is jsessionid=123.



Using URL-Rewriting for Session Management



URL-Rewriting Implications

• Every HTML page that participates in a session (using URL-rewriting) must include the session ID in all URLs in those pages. This requires dynamic generation.

• Use the encodeURL method on the response object to guarantee that the RLs include the session ID information.

• For example, in the EnterPlayerForm view the action attribute on the form tag must be encoded:

86.// Present the form

87.out.println(“<form action=’”

88. + response.encodeURL(“enter_player.do”)

89. + “‘ method=’POST’>”);

java

Technology

Transcript of java