Servlet API has been supported by most Java-based web server, which means that when using servletAPI, you can inherit many of Java: not only does not exist in memory vulnerabilities and difficult pointer bugs, but also run in many different servers. The platform provided.
1.Javax.Servlet's main features
Servlet uses a commonly accepting request and a programming model that generates a response. This model uses a range of distributed system programming toolboxes, including from remote procedure to send an HTTP request to the web server.
Servlet is actually very simple, mainly to implement a servlet interface, for example:
Import javax.servlet. *;
Public class myservlet extends genericservlet {
Public void service
ServletRequest Request;
ServletRespose Response;
Throws ServleTexception, IOException
{
......
}
}
The Request and Response parameters can be operated in the service method. The data sent by the client is encapsulated, providing access to the parameters, and allows the servlet to report a variety of states (including error messages), usually, servlets can get most of the parameters through the input stream. And use the output stream to send their responses.
ServletinputStream in = request.getinputStream ();
ServletOutputStream out = response.getOutputStream ();
These input / output streams can use multiple different format data, for example: Applet and servlets can use object serialization to exchange data, or html, image format, etc.
2.Servlet and its environment
Since Servlet is a Java object, they consist of specific instance data, which means that servlets that are executing are independent applications running inside the server.
During initialization, servlet accesses some specific servlet configuration data, which allows different instances of the same servlet class to initialize different data and managed as a servlet for different names. In the data provided during initialization, each instance is included where to save their own state.
Servlets can also use servletContext objects interact with their own environment.
3. Usage mode
Servlets can use the following modes, however, different is all server environment support all of these modes:
(1) The basic mode is the core in request / response protocol.
(2) The server can link multiple servlets with a filter chain.
(3) The servlet can support specific protocols, such as HTTP.
(4) In an HTTP-based application, servlet is a complete (and more efficient) alternative to CGI extensions.
(5) In an HTTP-based application, servlets can also be used as a server-side server side that contains dynamically generated web documents.
4. Main servlet method
Servlets are always dynamically loaded. Although servers typically provide a management option to force load and initialize specific servlets. Servlet is loaded with ordinary Java class load tools, which means they can be loaded from the remote directory (for example, trust)
Http: // user / servlet directory), as easy as the local file system, this way improves the flexibility of the system structure, and the release of services in the network makes it easier and fast. After servlet is loaded, its life cycle involves three main methods:
(1) Servlet is activated by the server by calling the init method. If the servlet developer needs, some intrinsic settings can be performed, so there is no need to set it once, such as initializing the session of other network services, or accessing the data they have (storage) In a database or file).
(2) After initialization, servlet handles many requests, generating a service call for each customer request, which may be parallel, which allows servlet to adjust multiple customers, and the static status of the class can be used to share in the request. data.
(3) The servlet object will process the request unless the server calls the Destroy method Explicitly shut down the servlet, the servlet class is also a valid garbage collector.
5. Security
The servlet must access the relevant information of the requesting customer, when using the security protocol, such as SSL, can be fairly reliably authenticate the other party's identity.
Servlet has most advantages of Java, such as illegal access memory and types, so that defective servlet does not cause the service crash, and this often occurs in most C language server environments.
Unlike any other server extension API, Java Servlet provides powerful security policy support, because all Java environments provide a security manager that can be used to control whether an operation is allowed, such as network files. access. By default, all servlets loaded over the network are untrustworthy, which do not perform operations such as accessing network services or local files. Just created in the Java Web Server, or in locally managed by server management, .. / servlet directory servlet is fully credible and gives all permissions.
However, servlets using digital signatures and put it in the JAR file are trusted and can be given more rights by the Security Manager. Digital signature on the execution code describes which organization is signed and guaranteed for it.
Extended APIs in other languages, such as C, or scripting languages, even if they allow digital signature to code, they cannot support such fine access control. This means that 100% pure Java extensions is fundamentally more secure than other cases, including ActiveX.
Today, most ISP (Internet Service Providers) cannot accept server extensions from their customers because they cannot protect themselves, or they cannot protect their customers from extensions created with local C code or CGI tools. However, the extension created by 100% pure Java servlet can effectively prevent data from being maliciously tampered with. With a digital signature, ISP can guarantee that when they use servlets provided by customers to extend their servers, do not worry about the dangers caused by inappropriate programming.
6. For generated HTML
Many servlets will directly generate text, standard, and international Java format output classes (such as java.io.printwrite) that can be generated (such as java.io.printwrite).
Of course, other Java HTML generation methods can also be used, for example, some multilingual sites prefer to maintain specific localized HTML template files and use localized information directory to fill these templates. In addition, many sites typically develop HTML generation packages to generate dynamic web pages. In the Web server that fully supports the servlet, the servlet may also be called by the server, and the web page is preprocesses using the server. This pretreatment request is placed in the .SHTML file, described by a specific HTML syntax to the web server.
Usually servlets can accept input parameters from many places:
(1) In the requesting input stream, it may come from an applet.
(2) The requested URI.
(3) Self-autonomous servlets or network services.
(4) Use the parameters transmitted from the HTML table.
These parameters are used to generate a response to the HTML format. In order to get the data to be returned, servlet usually access one or more databases, or other data configured by the servlet.
7. Servlet related to HTTP
Servlets using the HTTP protocol support all HTTP methods, including GET, POST, HEAD, and more. They redirect requests to other locations and send HTTP error messages. They can get the standard HTTP form transfer parameters, including HTTP to perform and describe URIs requested, for example:
String method = Request.getMethod ();
String Uri = Request.getRequesturi ();
String name = Request.getParameter ("name");
String phone = request.getParameter ("Phone");
String Card = Request.getParameter ("CreditCard");
Javax.Servlet.http.httpservlet class is the base class that implements httpservlets, which handles the details of HTTP, such as cache management, and other sub-protocols, assignment methods, and handle errors in many protocols. Implementing an HTTPSERVLET is as easy as defining a Doget or dopost method.
For httpservlets, requests and response data always available in MIME format, servlet specifies the data type of the response, then encoded data according to the set format, so that the servlet can receive any type of input data and return data requested in the form. For example: HTML, graphics (JPG or MPEG) or data formats used in specific applications.
8. Performance characteristics
One of the most prominent features of Servlet is that every request is not required to create a new process like CGI. In most environments, many servlets can run in parallel in the same process as the server. This is because servlets require only lightweight, ready-made context transitions, even if the FAST-CGI, each request involves the conversion of the reproduction of the reprogrammed context. Since most environments, servlets can handle many already Customer request, the overhead of these initialization is shared by many ways, and all customer requests faced by the service method, they have the opportunity to share data and communication resources and make full use of the advantages of the system cache.
