Web Science/Part1: Foundations of the web/Dynamic Web Content/Basics of server side web programming

From Wikiversity
Jump to navigation Jump to search

Basics of server side web programming

Learning goals

  1. become aware of the possibilities to create dynamic content within a webserver
  2. see that you don't have to implement a webserver to be able to serve dynamic content
  3. understand some main issues like blocking I/O that one should keep in mind when doing server side programming
  4. see how the web server is the entry point for web applications
  5. whitelisting of input vs blacklisting and a method of preventing XSS

Video

Script

Register.java

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.webapp.WebAppContext;

public class Register extends HttpServlet {

	private Connection connect = null;
	private Statement statement = null;
	private ResultSet resultSet = null;

	public Register() {
		try {
			Class.forName("com.mysql.jdbc.Driver");
			// Setup the connection with the DB
			connect = DriverManager
					.getConnection("jdbc:mysql://localhost/mooc?"
							+ "user=mooc&password=studywebscience");

			// Statements allow to issue SQL queries to the database
			statement = connect.createStatement();
			// Result set get the result of the SQL query
		} catch (ClassNotFoundException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (SQLException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}

	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		resp.getWriter().write("hello world");
	}

	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {

	}

	public static void main(String[] args) throws Exception {
		Server server = new Server(8080);

		WebAppContext context = new WebAppContext();
		context.setDescriptor("WEB-INF/web.xml");
		context.setResourceBase("");
		context.setContextPath("");
		context.setParentLoaderPriority(true);

		server.setHandler(context);

		server.start();
		server.join();
	}
}

index.html

<html>
<head><title>Registration Form</title></head>
<body>
<h1>Registration Form for the Web Science MOOC</h1>
</body>
</html>

WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app>
  <servlet>
    <servlet-name>Register</servlet-name>
    <servlet-class>Register</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>Register</servlet-name>
    <url-pattern>/servlet</url-pattern>
  </servlet-mapping>
</web-app>

Quiz

1 Why is server side programming useful?

Generate dynamic content (like pulling content from databases and put them to HTML templates)
React to HTTP headers
Allow for personalization (recommender engines)
Enable features like search

2 What should be kept in mind when doing server side programming

Web servers should communicate with the databases in a synchronous way creating blocking I/O to increase the consistency of the web application
The programs and scripts on the server should be running in a few milliseconds
The more complex your scripts the easier your web servers are a target for a denial of service attack
Web servers should support cross side scripting

Discussion