Вы находитесь на странице: 1из 31

Disclaimer & Acknowledgments

? Even though Sang Shin is a full-time employee of Sun

Microsystems, the contents here are created as his own
personal endeavor and thus does not reflect any official
stance of Sun Microsystems.
? Sun Microsystems is not responsible for any inaccuracies
in the contents.

Servlet Basics ? Acknowledgements

– The slides and example code of this presentation are from
“Servlet” section of Java WSDP tutorial written by Stephanie
Bodoff of Sun Microsystems
– Some slides are borrowed from “Sevlet” codecamp material
authored by Doris Chen of Sun Microsystems
– Some example codes are borrowed from “Core Servlets and
JavaServer Pages” book written by Marty Hall 2

Revision History Topics

12/24/2002: version 1 (without speaker notes) by Sang Shin

? 01/04/2003: version 2 (with partially done speaker notes) by Sang Shin

? Servlet in big picture of J2EE
? 01/13/2003: version 3 (screen shots of installing, configuring, running ? Servlet request & response model
BookStore1 are added) by Sang Shin
? 04/22/2003: version 4:
? Servlet life cycle
– Original Servlet presentation is divided into “Servlet Basics” and
“Servlet Advanced”
? Servlet scope objects
– speaker notes are added for the slides that did not have them, ? Servlet request
editing and typo checking are done via spellchecker (Sang Shin)
? Servlet response: Status, Header, Body
? Error Handling

3 4
Advanced Topics:

? Session Tracking
? Servlet Filters

Servlet life-cycle events
Including, forwarding to, and redirecting to
Servlet in a
other web resources
Concurrency Issues Big Picture of J2EE
? Invoker Servlet

5 6

J2EE 1.2 Architecture Where is Servlet and JSP

An extensible Web technology that uses template data, Java Servlet A Java program that
custom elements, scripting languages, and server-side extends the functionality of a Web
Java objects to return dynamic content to a client. server, generating dynamic content
Typically the template data is HTML or XML elements. and interacting with Web clients
The client is often a Web browser. using a request-response

Web Tier EJB Tier

7 8
What is Servlet? First Servlet Code
? Java™ objects which are based on servlet Public class HelloServlet extends HttpServlet {
framework and APIs and extend the
functionality of a HTTP server. public void doGet(HttpServletRequest request,
? Mapped to URLs and managed by response){
container with a simple architecture response.setContentType("text/html");
PrintWriter out = response.getWriter();
? Available and running on all major out.println("<title>Hello World!</title>");
web servers and app servers ...
? Platform and server independent }

9 10

CGI versus Servlet Servlet vs. CGI

CGI Servlet Request
CGI1 Child
l Written in C, C++, Visual l Written in Java Request CGI
CGI2 Based Child
Basic and Perl l Powerful, reliable, and Based Childfor
l Difficult to maintain, efficient Webserver
non-scalable, non- l Improves scalability, CGI1 Child
manageable reusability (component
l Prone to security based) Request
Servlet1 Servlet
problems of l Leverages built-in security Servlet Based
Based Webserver
programming language of Java programming
language Servlet1
l Resource intensive and Servlet2 Servlet1
inefficient l Platform independent and JVM
l Platform and portable Request Servlet1 Servlet2

11 12
Advantages of Servlet What is JSP Technology?
? No CGI limitations ? Enables separation of business logic from
? Abundant third-party tools and Web servers presentation
supporting Servlet – Presentation is in the form of HTML or
? Access to entire family of Java APIs
– Business logic is implemented as Java Beans or
? Reliable, better performance and scalability custom tags
? Platform and server independent – Better maintainability, reusability
? Secure ? Extensible via custom tags
? Most servers allow automatic reloading of ? Builds on Servlet technology
Servlet's by administrative action
13 14

What is JSP page? JSP Sample Code

? A text-based document capable of Hello World!
returning dynamic content to a client <br>
browser <jsp:useBean id="clock"
class=“calendar.JspCalendar” />
? Contains both static and dynamic Today is
content <ul>
<li>Day of month: <%= clock.getDayOfMonth() %>
– Static content: HTML, XML <li>Year: <%= clock.getYear() %>
– Dynamic content: programming code, and </html>
JavaBeans, custom tags

15 16
Servlets and JSP - Comparison
JSP Benefits
Servlets JSP ? Content and display logic are separated
• HTML code in Java • Java-like code in HTML
? Simplify development with JSP, JavaBeans
• Any form of Data • Structured Text and custom tags
• Not easy to author a • Very easy to author a ? Supports software reuse through the use of
web page web page
• Code is compiled into a
servlet ? Recompile automatically when changes are
made to the source file
? Easier to author web pages
? Platform-independent
17 18

When to use Servlet over JSP Should I Use Servlet or JSP?

? Extend the functionality of a Web server ? In practice, servlet and JSP are used
such as supporting a new file format together
? Generate objects that do not contain HTML – via MVC (Model, View, Controller) architecture
such as graphs or pie charts – Servlet handles Controller
– JSP handles View
? Avoid returning HTML directly from your
servlets whenever possible

19 20
Servlet Request and Response
Servlet Container

Servlet Request & Browser

Response Model
HTTP Servlet

Web Response

21 22

What does Servlet Do? Requests and Responses

? Receives client request (mostly in the form ? What is a request?
of HTTP request) – Information that is sent from client to a server
? Extract some information from the request ? Who made the request

? Do content generation or business logic ? What user-entered data is sent

process (possibly by accessing database, ? Which HTTP headers are sent

invoking EJBs, etc) ? What is a response?

? Create and send response to client (mostly – Information that is sent to client from a server
in the form of HTTP response) or forward ? Text(html, plain) or binary(image) data

the request to another servlet or JSP page ? HTTP headers, cookies, etc

23 24
? The most common client requests
? HTTP request contains – HTTP GET & HTTP POST
– header ? GET requests:
– a method – User entered information is appended to the URL in a
query string
Get: Input form data is passed as part of URL
– Can only send limited amount of data
? Post: Input form data is passed within message body
? .../servlet/ViewCourse?FirstName=Sang&LastName=Shin
? Header ? POST requests:
– request data – User entered information is sent as data (not appended
to URL)
– Can send any amount of data
25 26

First Servlet
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

Public class HelloServlet extends HttpServlet {

public void doGet(HttpServletRequest request,
HttpServletResponse response)
Interfaces & Classes
of Servlet
throws ServletException, IOException {
PrintWriter out = response.getWriter();
out.println("<title>First Servlet</title>");
out.println("<big>Hello Code Camp!</big>");
27 28
Servlet Interfaces & Classes

GenericServlet HttpSession

HttpServlet Servlet Life-Cycle

ServletRequest ServletResponse

HttpServletRequest HttpServletResponse

29 30

Servlet Life-Cycle Servlet Life Cycle Methods

Is Servlet Loaded? service( )

Load Invoke
init( ) destroy( )
Init parameters
response Yes
Servlet Container

Client Server doGet( ) doPost( )

31 Request parameters 32
Servlet Life Cycle Methods Servlet Life Cycle Methods
? Invoked by container ? init()
– Container controls life cycle of a servlet – Invoked once when the servlet is first instantiated
? Defined in – Perform any set-up in this method
– javax.servlet.GenericServlet class or ? Setting up a database connection
? init() ? destroy()
? destroy() – Invoked before servlet instance is removed
? service() - this is an abstract method – Perform any clean-up
– javax.servlet.http.HttpServlet class ? Closing a previously created database connection
? doGet(), doPost(), doXxx()

? service() - implementation
33 34

Example: init() from Example: init() reading

CatalogServlet.java Configuration parameters
public class CatalogServlet extends HttpServlet {
private BookDB bookDB;
public void init(ServletConfig config) throws
ServletException {
// Perform any one-time operation for the servlet, super.init(config);
// like getting database connection object. String driver = getInitParameter("driver");
String fURL = getInitParameter("url");
// Note: In this example, database connection object is assumed try {
// to be created via other means (via life cycle event mechanism)
openDBConnection(driver, fURL);
// and saved in ServletContext object. This is to share a same
// database connection object among multiple servlets.
} catch (SQLException e) {
public void init() throws ServletException { e.printStackTrace();
bookDB = (BookDB)getServletContext(). } catch (ClassNotFoundException e){
getAttribute("bookDB"); e.printStackTrace();
if (bookDB == null) throw new }
UnavailableException("Couldn't get database.");
... 35 36
Setting Init Parameters in
Example: destory()
public class CatalogServlet extends HttpServlet {
<servlet> private BookDB bookDB;
<init-param> public void init() throws ServletException {
<param-name>driver</param-name> bookDB = (BookDB)getServletContext().
<param-value> getAttribute("bookDB");
</param-value> if (bookDB == null) throw new
</init-param> UnavailableException("Couldn't get database.");
<init-param> }
<param-name>url</param-name> public void destroy() {
jdbc:cloudscape:rmi:CloudscapeDB bookDB = null;
</servlet> ...
37 } 38

Servlet Life Cycle Methods service() & doGet()/doPost()

? service() javax.servlet.GenericServlet class ? service() methods take generic requests
– Abstract method
and responses:
? service() in javax.servlet.http.HttpServlet class – service(ServletRequest request,
– Concrete method (implementation) ServletResponse response)
– Dispatches to doGet(), doPost(), etc ? doGet() or doPost() take HTTP requests and
– Do not override this method!
? doGet(), doPost(), doXxx() in in – doGet(HttpServletRequest request,
HttpServletResponse response)
– Handles HTTP GET, POST, etc. requests – doPost(HttpServletRequest request,
– Override these methods in your servlet to provide HttpServletResponse response)
desired behavior
39 40
Service() Method doGet() and doPost() Methods
Server subclass Server HttpServlet subclass
Subclass of doGet( )
GenericServlet class
Request Request

Service( )
Service( )

Response doPost( )

Key: Implemented by subclass

Key: Implemented by subclass 41 42

Things You Do in doGet() & Example: Simple doGet()

import javax.servlet.*;
import javax.servlet.http.*;
? Extract client-sent information (HTTP import java.io.*;
parameter) from HTTP request Public class HelloServlet extends HttpServlet {
? Set (Save) and get (read) attributes to/from public void doGet(HttpServletRequest request,
HttpServletResponse response)
Scope objects throws ServletException, IOException {
? Perform some business logic or access database // Just send back a simple HTTP response
? Optionally forward the request to other Web response.setContentType("text/html");
PrintWriter out = response.getWriter();
components (Servlet or JSP) out.println("<title>First Servlet</title>");
? Populate HTTP response message and send it to out.println("<big>Hello J2EE Programmers! </big>");
client }
43 44
Example: Sophisticated doGet Example: Sophisticated doGet()
public void doGet (HttpServletRequest request,
// Get the identifier of the book to display (Get HTTP parameter)
String bookId = request.getParameter("bookId");
if (bookId != null) {
HttpServletResponse response)
throws ServletException, IOException {
// and the information about the book (Perform business logic)
try {
// Read session-scope attribute “message”
BookDetails bd = bookDB.getBookDetails(bookId);
HttpSession session = request.getSession(true);
Currency c = (Currency)session.getAttribute("currency");
ResourceBundle messages = (ResourceBundle)session.getAttribute("messages");
if (c == null) {
c = new Currency();
// Set headers and buffer size before accessing the Writer
session.setAttribute("currency", c);
PrintWriter out = response.getWriter();
// Then write the response (Populate the header part of the response) // Print out the information obtained
out.println("<html>" + out.println("...");
"<head><title>" + messages.getString("TitleBookDescription") + } catch (BookNotFoundException ex) {
throw new ServletException(ex);
// Get the dispatcher; it gets the banner to the user
RequestDispatcher dispatcher =
if (dispatcher != null)
dispatcher.include(request, response);
45 46

Steps of Populating HTTP Example: Simple Response

Response Public class HelloServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
? Fill Response headers HttpServletResponse response)
throws ServletException, IOException {
? Set some properties of the response
// Fill response headers
– Buffer size response.setContentType("text/html");
? Get an output stream object from the // Set buffer size
response // Get an output stream object from the response
PrintWriter out = response.getWriter();
? Write body content to the output stream // Write body content to output stream
out.println("<title>First Servlet</title>");
out.println("<big>Hello J2EE Programmers! </big>");
47 48
Scope Objects
? Enables sharing information among
collaborating web components via
attributes maintained in Scope objects
– Attributes are name/object pairs
Scope Objects ? Attributes maintained in the Scope
objects are accessed with
– getAttribute() & setAttribute()
? 4 Scope objects are defined
– Web context, session, request, page
49 50

Four Scope Objects: Accessibility Four Scope Objects: Class

? Web context (ServletConext) ? Web context
– Accessible from Web components within a Web – javax.servlet.ServletContext
context ? Session
? Session – javax.servlet.http.HttpSession
– Accessible from Web components handling a request ? Request
that belongs to the session
– subtype of javax.servlet.ServletRequest:
? Request javax.servlet.HttpServletRequest
– Accessible from Web components handling the ? Page
– javax.servlet.jsp.PageContext
? Page
– Accessible from JSP page that creates the object 51 52
What is ServletContext For?
? Used by servets to
– Set and get context-wide (application-wide) object-
valued attributes
– Get request dispatcher
? To forward to or include web component
– Access Web context-wide initialization parameters
Web Context –
set in the web.xml file
Access Web resources associated with the Web
(ServletContext) –
– Access other misc. information
53 54

Scope of ServletContext ServletContext:

? Context-wide scope Web Application Scope
– Shared by all servlets and JSP pages within a "web
Client 1
? Why it is called “web application scope”
– A "web application " is a collection of servlets and server
content installed under a specific subset of the
server's URL namespace and possibly installed via a
*.war file
? All servlets in BookStore web application share same Client 2
ServletContext object
– There is one ServletContext object per "web
application" per Java Virtual Machine
55 56
How to Access ServletContext Example: Getting Attribute Value
Object? from ServletContext
? Within your servlet code, call public class CatalogServlet extends HttpServlet {
private BookDB bookDB;
getServletContext() public void init() throws ServletException {
? Within your servlet filter code, call // Get context-wide attribute value from
getServletContext() // ServletContext object
bookDB = (BookDB)getServletContext().
? The ServletContext is contained in getAttribute("bookDB");
ServletConfig object, which the Web server if (bookDB == null) throw new
provides to a servlet when the servlet is UnavailableException("Couldn't get database.");

initialized }
– init (ServletConfig servletConfig) in Servlet interface
57 58

Example: Getting and Using

RequestDispatcher Object Example: Logging
public void doGet (HttpServletRequest request,
public void doGet (HttpServletRequest request,
HttpServletResponse response) HttpServletResponse response)
throws ServletException, IOException { throws ServletException, IOException {
HttpSession session = request.getSession(true); ...
ResourceBundle messages = (ResourceBundle)session.getAttribute("messages");
getServletContext().log(“Life is good!”);
// set headers and buffer size before accessing the Writer ...
response.setContentType("text/html"); getServletContext().log(“Life is bad!”, someException);
PrintWriter out = response.getWriter();

// then write the response

out.println("<html>" +
"<head><title>" + messages.getString("TitleBookDescription") +

// Get the dispatcher; it gets the banner to the user

RequestDispatcher dispatcher =

if (dispatcher != null)
dispatcher.include(request, response);
59 60
Why HttpSession?
? Need a mechanism to maintain client
state across a series of requests from a
same user (or originating from the same
browser) over some period of time

Session ?
– Example: Online shopping cart
Yet, HTTP is stateless

(HttpSession) ? HttpSession maintains client state

– Used by Servlets to set and get the values of
we will talk more on HTTPSession session scope attributes
later in “Session Tracking”
61 62

How to Get HttpSession? Example: HttpSession

? via getSession() method of a Request public class CashierServlet extends HttpServlet {
public void doGet (HttpServletRequest request,
object (HttpRequest) HttpServletResponse response)
throws ServletException, IOException {

// Get the user's session and shopping cart

HttpSession session = request.getSession();
ShoppingCart cart =
// Determine the total price of the user's books
double total = cart.getTotal();

63 64
What is Servlet Request?
? Contains data passed from client to servlet
? All servlet requests implement ServletRequest
interface which defines methods for accessing
– Client sent parameters
Servlet Request – Object-valued attributes
– Locales
(HttpServletRequest) –

Client and server
Input stream
– Protocol information
– Content type
– If request is made over secure channel (HTTPS)

65 66

Getting Client Sent Parameters
client, server, header ? A request can come with any number of
servlet itself parameters
Request Servlet 1 ? Parameters are sent from HTML forms:
– GET: as a query string, appended to a URL
– POST: as encoded POST data, not appeared in the URL
Servlet 2
? getParameter("paraName")
– Returns the value of paraName
Response Servlet 3 – Returns null if no such parameter is present
– Works identically for GET and POST requests

Web Server 67 68
A Sample FORM using GET A Sample FORM using GET
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<TITLE>Collecting Three Parameters</TITLE>
<H1 ALIGN="CENTER">Please Enter Your Information</H1>

<FORM ACTION="/sample/servlet/ThreeParams">
First Name: <INPUT TYPE="TEXT" NAME="param1"><BR>
Last Name: <INPUT TYPE="TEXT" NAME="param2"><BR>
Class Name: <INPUT TYPE="TEXT" NAME="param3"><BR>


69 70

A FORM Based Servlet: Get A Sample FORM using POST

import java.io.*; <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
import javax.servlet.*;
import javax.servlet.http.*; <HTML>
/** Simple servlet that reads three parameters from the html form */ <HEAD>
public class ThreeParams extends HttpServlet { <TITLE>A Sample FORM using POST</TITLE>
public void doGet(HttpServletRequest request, </HEAD>
HttpServletResponse response) <BODY BGCOLOR="#FDF5E6">
throws ServletException, IOException { <H1 ALIGN="CENTER">A Sample FORM using POST</H1>
response.setContentType("text/html"); <FORM ACTION="/sample/servlet/ShowParameters" METHOD="POST">
PrintWriter out = response.getWriter(); Item Number: <INPUT TYPE="TEXT" NAME="itemNum"><BR>
String title = "Your Information";
out.println("<HTML>" + Quantity: <INPUT TYPE="TEXT" NAME="quantity"><BR>
"<BODY BGCOLOR=\"#FDF5E6\">\n" + Price Each: <INPUT TYPE="TEXT" NAME="price" VALUE="$"><BR>
"<H1 ALIGN=CENTER>" + title + "</H1>\n" + First Name: <INPUT TYPE="TEXT" NAME="firstName"><BR>
"<UL>\n" + <TEXTAREA NAME="address" ROWS=3 COLS=40></TEXTAREA><BR>
" <LI><B>First Name in Response</B>: " Credit Card Number:
+ request.getParameter("param1") + "\n" + <INPUT TYPE="PASSWORD" NAME="cardNum"><BR>
" <LI><B>Last Name in Response</B>: " <CENTER>
+ request.getParameter("param2") + "\n" + <INPUT TYPE="SUBMIT" VALUE="Submit Order">
" <LI><B>NickName in Response</B>: " </CENTER>
+ request.getParameter("param3") + "\n" +
"</UL>\n" + </FORM>
"</BODY></HTML>"); </BODY>
} </HTML>
71 72
A Sample FORM using POST A Form Based Servlet: POST
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ShowParameters extends HttpServlet {

public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);

73 74

Who Set Object/value Attributes Getting Locale Information

public void doGet (HttpServletRequest request,
HttpServletResponse response)
? Request attributes can be set in two ways throws ServletException, IOException {
– Servlet container itself might set attributes to make HttpSession session = request.getSession();
available custom information about a request ResourceBundle messages =
example: javax.servlet.request.X509Certificate attribute for ("messages");
if (messages == null) {
– Servlet set application-specific attribute Locale locale=request.getLocale();
void setAttribute(java.lang.String name, java.lang.Object o) messages = ResourceBundle.getBundle(
"messages.BookstoreMessages", locale);
? Embedded into a request before a RequestDispatcher call session.setAttribute("messages", messages);

75 76
Getting Client Information Getting Server Information
? Servlet can get client information from ? Servlet can get server's information:
the request – String request.getServerName()

e.g. "www.sun.com"
String request.getRemoteAddr()
? Get client's IP address – int request.getServerPort()

e.g. Port number "8080"
String request.getRemoteHost()
? Get client's host name

77 78

Getting Misc. Information

? Input stream
– ServletInputStream getInputStream()
– java.io.BufferedReader getReader()
? Protocol
– java.lang.String getProtocol()
? Content type
– java.lang.String getContentType() HTTPServletRequest
? Is secure or not (if it is HTTPS or not)
– boolean isSecure()
79 80
What is HTTP Servlet Request? HTTP Request URL
? Contains data passed from HTTP client to HTTP servlet ? Contains the following parts
? Created by servlet container and passed to servlet as a – http://[host]:[port]/[request path]?[query string]
parameter of doGet() or doPost() methods
? HttpServletRequest is an extension of ServletRequest
and provides additional methods for accessing
– HTTP request URL
? Context, servlet, path, query information

– Misc. HTTP Request header information

– Authentication type & User security information
– Cookies
– Session
81 82

HTTP Request URL: [request path] HTTP Request URL: [query string]
? http://[host]:[port]/[request path]?[query string] ? http://[host]:[port]/[request path]?[query string]
? [request path] is made of ? [query string] are composed of a set of parameters
– Context: /<context of web app> and values that are user entered
– Servlet name: /<component alias> ? Two ways query strings are generated
– Path information: the rest of it – A query string can explicitly appear in a web page
? Examples ?
<a href="/bookstore1/catalog?Add=101">Add To Cart</a>
– http://localhost:8080/hello1/greeting ? String bookId = request.getParameter("A d d") ;
– http://localhost:8080/hello1/greeting.jsp – A query string is appended to a URL when a form with a
– http://daydreamer/catalog/lawn/index.html GET HTTP method is submitted
? String userName=request.getParameter(“username”)
83 84
Context, Path, Query, Parameter HTTP Request Headers
? HTTP requests include headers which provide
? String getContextPath() extra information about the request
? String getQueryString() ? Example of HTTP 1.1 Request:
? String getPathInfo() GET /search? keywords= servlets+ jsp HTTP/ 1.1
Accept: image/ gif, image/ jpg, */*
? String getPathTranslated() Accept-Encoding: gzip
Connection: Keep- Alive
Cookie: userID= id456578
Host: www.sun.com
Referer: http:/www.sun.com/codecamp.html
User-Agent: Mozilla/ 4.7 [en] (Win98; U)
85 86

HTTP Request Headers HTTP Request Headers

? Accept ? Connection
– Indicates MIME types browser can handle.
– In HTTP 1.1, persistent connection is default
– Servlets should set Content-Length with
? Accept-Encoding setContentLength (use ByteArrayOutputStream to
– Indicates encoding (e. g., gzip or compress) browser determine length of output) to support persistent
can handle connections.
? Authorization ? Cookie
– User identification for password- protected pages – Gives cookies sent to client by server sometime
earlier. Use getCookies, not getHeader
– Instead of HTTP authorization, use HTML forms to
send username/password and store info in session ? Host
object – Indicates host given in original URL.
– This is required in HTTP 1.1. 88
HTTP Request Headers HTTP Header Methods
? If-Modified-Since ? String getHeader(java.lang.String name)
– Indicates client wants page only if it has been
changed after specified date. – value of the specified request header as String
– Don’t handle this situation directly; implement ? java.util.Enumeration getHeaders(java.lang.String
getLastModified instead. name)
? Referer – values of the specified request header
– URL of referring Web page. ? java.util.Enumeration getHeaderNames()
– Useful for tracking traffic; logged by many servers. – names of request headers
? User-Agent ? int getIntHeader(java.lang.String name)
– String identifying the browser making the request. – value of the specified request header as an int
– Use with extreme caution!

89 90

Showing Request Headers Request Headers Sample

//Shows all the request headers sent on this particular request.
public class ShowRequestHeaders extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
PrintWriter out = response.getWriter();
String title = "Servlet Example: Showing Request Headers";
out.println("<HTML>" + ...
"<B>Request Method: </B>" +
request.getMethod() + "<BR>\n" +
"<B>Request URI: </B>" +
request.getRequestURI() + "<BR>\n" +
"<B>Request Protocol: </B>" +
request.getProtocol() + "<BR><BR>\n" +
"<TH>Header Name<TH>Header Value");
Enumeration headerNames = request.getHeaderNames();
while(headerNames.hasMoreElements() ) {
String headerName = (String)headerNames.nextElement() ;
out.println("<TR><TD>" + headerName);
out.println(" <TD>" + request.getHeader(headerName) );

91 92
Authentication & User Security Cookie Method (in
Information Methods HTTPServletRequest)
? String getRemoteUser() ? Cookie[] getCookies()
– name for the client user if the servlet has been
– an array containing all of the Cookie objects the
password protected, null otherwise
client sent with this request
? String getAuthType()
– name of the authentication scheme used to protect
the servlet
? boolean isUserInRole(java.lang.String role)
– Is user is included in the specified logical " role" ?
? String getRemoteUser()
– login of the user making this request, if the user
has been authenticated, null otherwise
93 94

What is Servlet Response?

? Contains data passed from servlet to client
? All servlet responses implement ServletResponse
– Retrieve an output stream
Servlet Response – Indicate content type
– Indicate whether to buffer output
(HttpServletResponse) – Set localization information
? HttpServletResponse extends ServletResponse
– HTTP response status code
– Cookies

95 96
Responses Response Structure

Status Code
Request Servlet 1

Response Headers

Response Structure: Servlet 2

status code , headers Response Body
and body.

Response Servlet 3

Web Server
97 98

HTTP Response Status Codes

? Why do we need HTTP response status code?
– Forward client to another page
– Indicates resource is missing
– Instruct browser to use cached copy

Status Code in
Http Response
99 100
Methods for Setting HTTP Example of HTTP Response
Response Status Codes Status
? public void setStatus(int statusCode) HTTP/ 1.1 200 OK
Content-Type: text/ html
– Status codes are defined in HttpServletResponse <! DOCTYPE ...>
Status codes are numeric fall into five general ...
categories: </ HTML>
? 100-199 Informational
? 200-299 Successful
300-399 Redirection
? 400-499 Incomplete
500-599 Server Error
– Default status code is 200 (OK) 101 102

Common Status Codes Common Status Codes

? 200 (SC_OK)
– Note the message is " Found"
– Success and document follows
– Requested document temporarily moved elsewhere
– Default for servlets
(indicated in Location header)
? 204 (SC_No_CONTENT) – Browsers go to new location automatically
– Success but no response body – Servlets should use sendRedirect , not setStatus,
– Browser should keep displaying previous when setting this header
document ? 401 (SC_UNAUTHORIZED)
? 301 (SC_MOVED_PERMANENTLY) – Browser tried to access password- protected page

– The document moved permanently (indicated in

without proper Authorization header
Location header) ? 404 (SC_NOT_FOUND)
– No such page
– Browsers go to new location automatically
103 104
Methods for Sending Error setStatus() & sendError()
try {
? Error status codes (400-599) can be used }
returnAFile(fileName, out)

in sendError methods. catch (FileNotFoundException e)

{ response.setStatus(response.SC_NOT_FOUND);
? public void sendError(int sc) out.println("Response body");
– The server may give the error special treatment
? public void sendError(int code, String has same effect as

message) try {
returnAFile(fileName, out)
– Wraps message inside small HTML document }
catch (FileNotFoundException e)
{ response.sendError(response.SC_NOT_FOUND);
105 106

Why HTTP Response Headers?

? Give forwarding location
? Specify cookies
? Supply the page modification date
? Instruct the browser to reload the page
after a designated interval
Header in ? Give the file size so that persistent HTTP
connections can be used
Http Response ? Designate the type of document being
? Etc. 108
Methods for Setting Arbitrary Methods for setting Common
Response Headers Response Headers
? public void setHeader( String headerName, String ? setContentType
headerValue) – Sets the Content- Type header. Servlets almost
– Sets an arbitrary header. always use this.
? public void setDateHeader( String name, long millisecs) ? setContentLength
– Converts milliseconds since 1970 to a date string in GMT – Sets the Content- Length header. Used for persistent
format HTTP connections.
? public void setIntHeader( String name, int headerValue) ? addCookie
– Prevents need to convert int to String before calling – Adds a value to the Set- Cookie header.
setHeader ? sendRedirect
? addHeader, addDateHeader, addIntHeader – Sets the Location header and changes status code.
– Adds new occurrence of header instead of replacing.
109 110

Common HTTP 1.1 Response Common HTTP 1.1 Response

Headers Headers (cont.)
? Location ? Cache-Control (1.1) and Pragma (1.0)
– Specifies a document's new location. – A no-cache value prevents browsers from
– Use sendRedirect instead of setting this caching page. Send both headers or check HTTP
directly. version.
? Refresh ? Content- Encoding
– Specifies a delay before the browser – The way document is encoded. Browser
automatically reloads a page. reverses this encoding before handling
? Set-Cookie document.
– The cookies that browser should remember. ? Content- Length
Don’t set this header directly.
– The number of bytes in the response. Used for
– use addCookie instead.
persistent HTTP connections. 112
Common HTTP 1.1 Response Refresh Sample Code
Headers (cont.)
? Content- Type public class DateRefresh extends HttpServlet {
public void doGet(HttpServletRequest req,
– The MIME type of the document being returned. HttpServletResponse res)
– Use setContentType to set this header. throws ServletException, IOException {
? Last- Modified res.setContentType("text/plain");
PrintWriter out = res.getWriter();
– The time document was last changed res.setHeader("Refresh", "5");
– Don’t set this header explicitly. out.println(new Date().toString());
– provide a getLastModified method instead. }

113 114

Writing a Response Body

? A servlet almost always returns a response
? Response body could either be a PrintWriter
or a ServletOutputStream
? PrintWriter
Body in –

Using response.getWriter()
For character-based output
Http Response ? ServletOutputStream
– Using response.getOutputStream()
– For binary (image) data
115 116
Handling Errors
? Web container generates default error page
? You can specify custom default page to be
displayed instead
? Steps to handle errors
Handling Errors – Create appropriate error html pages for error
– Modify the web.xml accordingly

117 118

Example: Setting Error Pages in

119 120
Resources Used
? Java Web Services Developer Pack Download
– java.sun.com/webservices/downloads/webservicespack.html
? Java Web Services Developer Pack Tutorial
– java.sun.com/webservices/downloads/webservicestutorial.html
? Java Servlet 2.3 specification
– http://www.jcp.org/aboutJava/communityprocess/final/jsr053
? Core Servlets and JavaServer Pages (written by
Marty Hall)
– pdf.coreservlets.com/

121 122