lecture 25 - university of massachusetts amherst · 2010. 12. 7. · 4 html and script are returned...
TRANSCRIPT
1
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Lecture 25
Server Side
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
AnnouncementsProject 3 (final project) now due 12/17HW#10: two surveys and will be due 12/17post tonight?
Any questions on Yariv’s lecture on privacy,security?Yes, it will be covered on the exam!
Extended office hours this week & nextToday 11:00 AM-noon and 1:30-2:45 PMThursday 3-5:00 PMMonday 10:30 AM-noon
Final will cover JSBE 1-12, 15; review ThursdayDecember 14th 8-10:00am, Goessmann 64Open book + handouts + 3x5 file card
2
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Web services vs. web programming
web services = remote procedure callSOAPstructured data (XML)methods and responsesregistration & discoverygenerally, for machine consumption
web programming generate HTML pagesfor humansoften, database-drivenreplacement for IBM 3270 terminals ...
adapted from Henning Schulzrinne Advanced Programming Columbia U.
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Client vs. server programmingexecute code on client : JavaScript, JavaJavaScript (aka ECMAscript):
modify and get values from HTML ("document objectmodel" – DOM)
download Java applet self-contained programmingenvironment
Execute code on server generate documentstate maintenance (HTTP stateless)
login, shopping cart, preferences
HTML-centric vs. program-centricHTML-centric: PHP, ASPcgi, fast-cgi(Java) servlet
adapted from Henning Schulzrinne Advanced Programming Columbia U.
3
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Taxonomy
JavaScript
SSI, ASP,PHP, JSP,
CFM
embedded inHTML separate
Java applets,plug-inclient
server API(NSAPI), cgi,
servletsserver
adapted from Henning Schulzrinne AdvancedProgramming Columbia U.
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Static Web Page Delivery
Web Server
Client
1Author writesHTML
2Client requests page
3 Web server locates .htm file
HTML stream returned to browser4
5Browserprocessespage
Tom HortonAlfred C. WeaverCS453 Electronic Commerce
4
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010 7
Dynamic Web Page Delivery
Web Server
Client
1Author writesinstructions
2Client requests page
3 Web server locates instructions file
6 Browser displays HTML
HTML and script are returned to browser4
5Web browser processes scriptto create HTML
Tom HortonAlfred C. WeaverCS453 Electronic Commerce
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
HTML Forms
Provide GUI-like components in your page Inputs: buttons, textboxes, radio
buttons, selections Output fields: text boxes etc.
Can send information to the server Can be accessed by JavaScript code on
the client-side I found this
http://www-edlab.cs.umass.edu/cs120/ClassDemos/JSExamples/forms.html
5
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
JavaScript – DOMJavaScript and HTML FormsWindow.document.formA form is a property of the document butis also an objectForm elements are properties of a formand are also objectsAccess to form’s properties is donethrough the name attribute of the formtagAccess to the properties of the formelements is done through the nameattributes of the particular form element
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
InteractiveProgrammingon the Internet -- Knuckles
function plus(){ var n1;
var n2;n1=document.addmult.num1.value;n2=document.addmult.num2.value;
n1=parseFloat(n1);n2=parseFloat(n2);
document.addmult.result.value=n1+n2;}function times(){
var n1;var n2;n1=document.addmult.num1.value;n2=document.addmult.num2.value;
n1=parseFloat(n1);n2=parseFloat(n2);
document.addmult.result.value=n1*n2;}
<body bgcolor="#ffffcc"><p><form name=addmult> <p>enter a number in each field: <input type=text name=num1 value="" size=5> <input type=text name=num2 value="" size=5><br> <input type=button value="+" onclick="plus()"> <input type=button value="*" onclick="times()"><br> <input type=reset value="reset form"><br> <textarea name=result rows=3 cols=27 wrap=virtual></textarea></form>
exampleJavaScript and HTML Forms
http://www-edlab.cs.umass.edu/cs120/ClassDemos/JSExamples/FormExample1.html
6
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
• Form for submitting info for server side processing exampleJavaScript and HTML Forms
InteractiveProgrammingon the Internet -- Knuckles
http://www-edlab.cs.umass.edu/cs120/ClassDemos/JSExamples/FormExample2.html
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Example: JavaScript – cookiesvar expires = new Date()var today = new Date()function setCookie(name, value, hours) { var expire = new Date(); expire.setTime (expire.getTime() + (1000 * 60 * 60 * hours)); document.cookie = name + "=" + escape(value) + ((expire == null) ? "" : ("; expires=" + expire.toGMTString()))}function unsetCookie(name) { var exp = new Date(); exp.setTime(today.getTime() - 10); document.cookie = name + "=" + "; expires=" + exp.toGMTString()}expires.setTime(today.getTime() + 86400*365)
7
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010 13
Server-side Dynamic Page Delivery
Client
Web Server1Author writesinstructions
2Client requests page
3 Web server locates instructions file
HTML stream returned to browser5
6Browser processespage
4 Web server processes instructions to create HTML
Lots of processing can happen on the server before returning a webpage to the clientRun programs in a scripting language (e.g. ASP)Manage sessionsCookiesSessions, shopping baskets, log-ins, etc.
Database processing
Tom HortonAlfred C. WeaverCS453 Electronic Commerce
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Server Side Includes (SSI).shtml documents (or configured by default for all.html documents)include in HMTL/XML comments<!-- #element attribute=value attribute=value ... -- >
limited scripting: if/else, include, exec, variablesprimarily for conditional inclusion, boilerplateit tells the server to replace the SSI tag withsomething else, for example a piece of text<!--#include virtual="myfile.txt" -->This is done when the page is requested and the userwill see nothing different to if the text (or code) wasalready there
8
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Server Side Includes (SSI)configsets the error-message format, time, or size
echoinserts the variable values of an ssi into your webpage
flastmodinserts a date/time stamp of when a file was lastupdated
fsizewill insert the size of a file into your web page
includeinsert the content of an HTML file into your webpage
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
SSI Example
<body><h1>SSI Test</h1>The document was last modified on<!-- #flastmod file="$DOCUMENT_NAME" --> and has <!-- #fsizefile="$DOCUMENT_NAME" -- > bytes.<h2>Environment</h2><!-- #printenv -- ></pre>
9
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Server Side Includes (SSI)Benefitscan get many pages to include the informationfrom a single file so that you could, for example,include a standard footer on each page with yourcopyright information<!--#include virtual="/common/myfile.txt" -->This would be the same even if it was on the pagewww.mysite.com/index.htm orwww.mysite.com/html/files/myfile.htm
update all the pages by just changing this one page.use SSI to execute a CGI script on your server
text counters, advanced advert rotations, randomtext and images and several other extras on yourweb pages
one of the best uses of SSI
Security issues: exec
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Client Server Strategies
CGI (Common Gateway Interface)Active Server PagesPersonal Home Pages (PHP)MS Active Server Pages (ASP)Cold Fusion
Java Servlets and JSPEnterprise Java Beans
CS-422Enterprise ComputingDick Steflik
10
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Common gateway interface (cgi)
Earliest attempt at dynamic web contentpre- HTTP, rooted in gopherreliableresource hog
Program run by web server in response toclient requestlanguage-independentperl, C, C++, VB, Java, python, tcl
passes HTTP request information viacommand line (ISINDEX) – rarely usedenvironment variables: system info + querystring (GET)request body (POST) standard input
return HTML or XML via standard outputCS-422Enterprise ComputingDick Steflik
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CGI (more)
Very useful used in conjunction withJava based clients for things like:Report Generation (WebFocus)Data retrieval (files and RDBMS)Persistent object storage (files)
Could almost be replaced by server sideJavaHard to maintain program statemust rely on programming tricks
cookies, hidden variablesCS-422Enterprise ComputingDick Steflik
11
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Browser
Web
Server
DBCGI
Program
Static Web page with forms tags<form action=/CGI-BIN/AAA.PL>
CGI
Example:<form action=scripturi method=GET|POST>form fields:<input type="text" name="text1" size=10
maxlength=15 value="Initial text"><input type="hidden" name="state" value="secret"><input type=radio name=radio value=WNYC checked><input type=radio name=radio value=KQED><input type=submit value="Submit">
CS-422Enterprise ComputingDick Steflik
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CGI (more) If another user requests a CGI while the CGI is alreadyrunning; the web server spawns a child process andruns another instance of the CGI there.
For frequently run CGIs there may be many copies inthe machine at the same time
…resource hog (web servers that run a lot of CGIs willuse all of the memory you can afford)
Browser
Web
Server
DBCGI
Program
CGI
Program
CGI
Program
Browser Browser
CS-422Enterprise ComputingDick Steflik
12
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Active Server Page Technologies
HTML pages that appear to be database awareHTML with an embedded scripting languageand either CGI or proprietary server supportare used to make forms objects appear to bedatabase awareMain contenders:PHP (Open Source)Microsoft Active Server Pages (OEM Product)Cold Fusion (OEM Product)Java Server Pages (Open licensing from Sun)
CS-422Enterprise ComputingDick Steflik
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
PHP (Personal Home Pages)Core TechnologiesHTMLPHP ScriptJavaScript
PlatformsPrimarily LINUX, ApacheWindowsUNIX
DatabasesPrimarily used with MySQL (Open Source)Oracle, DB2 (MyODBC Open SourceDatabase Driver))
CS-422Enterprise ComputingDick Steflik
13
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
PHP How it worksPHP processor usually installs as a CGI that isinvoked in response to a request for a .php file(on Windows NT can run as a service)
the CGI retrieves the requested file, parses itlooking for PHP tags
PHP tags are resolved and the tag is replaces bythat resolution
Apache Web Server
MySQL DB
HTML
JavaScript
PHP CGI CS-422Enterprise ComputingDick Steflik
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Creating PHP Code BlocksCode declaration blocks are separatesections within a Web page that areinterpreted by the scripting engineThere are four types of code declarationblocks:Standard PHP script delimitersThe standard method of writing PHP codedeclaration blocks is to use the <?php and?> script delimiters
The <script> elementShort PHP script delimitersASP-style script delimiters
14
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
PHP Programming
Displaying Script ResultsThe echo() and print() statements arelanguage constructs of the PHPprogramming languageA programming language constructrefers to a built-in feature of aprogramming languageThe echo() and print() statements arevirtually identical except:The print() statement returns a value of 1if it is successfulIt returns a value of 0 if it is notsuccessful
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
PHP Programming
Multiple Code Declaration BlocksFor multiple script sections in a document, include aseparate code declaration block for each section
...</head><body><h1>Multiple Script Sections</h1><h2>First Script Section</h2><?php echo “<p>Output from the first script section.</p>”;?><h2>Second Script Section</h2><?php echo “<p>Output from the second script section.</p>”;?></body></html>
PHP code declaration blocks execute on a Web serverbefore a Web page is sent to a client
15
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Example<?php
// Load the PHP-GTK extension
$extension = "php_gtk" . (strpos(PHP_OS, "WIN") >= 0 ? ".dll" : ".so");
dl($extension);
// Create a new window
$window = &new GtkWindow();
$window->set_title("Test App");
$window->set_usize(300, 50);
$window->set_position(GTK_WIN_POS_CENTER);
$window->set_policy(false, false, false);
// Set a callback function for the destroy signal
$window->connect("destroy", "killwin");
function killwin()
{
echo("Window Destroyed!\n");
gtk::main_quit();
}
// Add a GtkVBox class to our window
$box = &new GtkVBox();
$window->add($box);
// Add a GtkEntry class to our window
$entry = &new GtkEntry();
$entry->set_text("Hello World");
$box->pack_start($entry);
// Add a GtkButton class to our window
$button = &new GtkButton("Reverse Text");
$button->connect("clicked", "reverseText", $entry);
$box->pack_start($button);
function reverseText($theButton, $theEntry)
{
$text = strrev($theEntry->get_text());
$theEntry->set_text($text);
}
// Show the window
$window->show_all();
// Start the main PHP-GTK listener loop
gtk::main();
?>
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Advantages of PHP
Light-weightCross-platform compatibleProcedural / Object OrientedprogrammingSupports wide range of DatabasesSupports wide variety of outputsSupports wide variety of protocolsExtremely useful text processingfeatures
16
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
PHP
BenefitsCheap, Open SourceEasy to learnspecial HTML-like tagsvery reminiscent of C
many Open Source, domain specificadd ons available
ProblemsSupport is typical of Open Source(but quality is high)
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
Microsoft Active Server Pages
Core technologiesMS Internet Information ServerMS Internet Explorer (IE4.0)VBScriptJavaActiveXSQL Server & AccessDCOM
Works only on Windows (NT Server andW2000 Server)
17
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Data Base,(Access
SQLServer)
VBScript
HTML
JavaScriptVBScript
IIS
Java
ActiveX
IE 4.0
CS-422Enterprise ComputingDick Steflik
Microsoft ASP Architecture
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
Microsoft ASPHow it works
IIS retrieves the requested file, parses it looking forJscript/VBScript and resolves the script by replacing it withthe resolution (values/text)
BenefitsA 100% MS solution, important for many corporate ISshops
Easy to learnbased on VBskills are readily available from the large number of VBprogrammers
easy accessibility to Windows API and DLLsProblems
Security has always been a problem due to MS frequent OSand product release cycle
18
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
PHP vs. ASP
PHP is fasterSuperior Memory ManagementCloser to C Style of ProgrammingCross Platform Migration StrategyDynamic generation of UI is moreflexible
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
Java Servlets
Core TechnologiesJavaHTML, Javascript
PlatformsNT, LINUX, SolarisApache/Tomcat, Netscape/iPlanet,JRun
Databasesall JDBC enabled (DB2, Oracle,Sybase, Informix)
19
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
HTML
JavaScript Web Serverwith servlet
engine & JRE
Database
Servlet
Cache
CS-422Enterprise ComputingDick Steflik
Java Servlet Architecture
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
Java ServletsHow it works
Web server receives request for servlet (name is mapped toa class file by Java web server) . Servlet is loaded into cacheand run in the JRE. HTML produced by servlet is returned tobrowser
BenefitsCross platform as long as compliant servlet engine isavailabe
Easy to learn for Java/C++ programmersmuch support available via the webfaster than interpretive technologies (like PHP, ASP, CF)
Problemsstill hard to find skillsstill considered to be “bleeding edge” by many IS shops
20
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
Java Server Pages
Core TechnologiesJavaHTML, Javascript
PlatformsNT, LINUX, SolarisApache/Tomcat, Netscape/iPlanet,JRun
Databases all JDBC enabled (DB2, Oracle,Sybase, Informix)
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
JSP Architecture
HTML
JavaScript Web Server with
JSP engine &JRE
Database
Servlet
Cache
CS-422Enterprise ComputingDick Steflik
21
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
What is a JSP
Combination of HTML, Javascript,and a set of Java tags (5)Java tags allow java code and callsto Javabeans to be embedded inlineJava tags also allow control of theJava runtime environment
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
Java Server PagesHow it worksWeb server receives request for .jsp. JSP engineconverts the page to source code for a Java Servlet,source is compiled by javac and class is moved tocache for deployment
BenefitsCross platform as long as compliant engine is availabeAllows Integrated Product Team developmentfaster than interpretive technologies (like PHP, ASP,CF)
Problemsstill hard to find skillsstill considered to be “very bleeding edge” by many ISshops
22
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
PHP vs. JSPPHP is faster in execution timeA recent survey in ZDnet's eWeekonline publication found that PHP is asmuch as 3.5 times faster than JSPFaster in development time – flatterlearning curvePHP supports any 32-bit or betterplatform, whereas JSP supports onlyplatforms that have a Java virtualmachine available
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
Cold FusionCore TechnologiesProprietary, tag based, embeddedscripting languageJavascript, Java
PlatformsNT, LINUX, SolarisApache, Netscape/iPlanet, IIS
DatabasesAccess, MS SQL Server (NT W/2000Only)Sybase, Oracle, DB2MySQL (requires MYODBC driver)
23
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
Cold Fusion Architecture
Database
HTML
JavaScript Web Server
ColdFusion
Server
ODBC
JDBC
Native
Java
CS-422Enterprise ComputingDick Steflik
UNIVERSITY OF MASSACHUSETTS AMHERST •• CMPSCI 120 Fall 2010
CS-422Enterprise ComputingDick Steflik
Cold FusionHow it worksWeb server receives request for .cfm file and passesthe request to the CF server. CF Server parses the filereturning all non- CF tags to the requesting browserand resolving the CF tags into their resolvedtext/values
BenefitsMulti-platformEasy to learn
tag based (looks like HTML, gives web community comfortthat its just some additional tags)
much support available via the web, wide following inthe web community
ProblemsOEM pricing (current price of $5K/server)