Servlets

By
Uday Kumar
 Introduction

A servlet is a Jakarta technology-based web

component, managed by a container, that
generates dynamic content.

Current Version 4.0

 What are Servlets?
• Java Servlets are programs that run on a Web or
Application server and act as a middle layer between
a request coming from a Web browser or other HTTP
client and databases or applications on the HTTP
server.
• Using Servlets, you can collect input from users
through web page forms, present records from a
database or another source, and create web pages
dynamically.
• Java Servlets often serve the same purpose as
programs implemented using the Common Gateway
Interface (CGI).
 Advantages
Servlets offer several advantages in comparison with the CGI.
– Performance is significantly better.
– Servlets execute within the address space of a Web server. It is
not necessary to create a separate process to handle each client
request.
– Servlets are platform-independent because they are written in
Java.
– Java security manager on the server enforces a set of
restrictions to protect the resources on a server machine. So
servlets are trusted.
– The full functionality of the Java class libraries is available to a
servlet. It can communicate with applets, databases, or other
software via the sockets and RMI mechanisms that you have
seen already.
CGI Applicatiion

Servlet Application
Servlets Architecture
 What is a Servlet Container?
• The servlet container is a part of a web server
or application server that provides the
network services over which requests and
responses are sent.
 Servlets Tasks
Servlets perform the following major tasks:
• Read the explicit data sent by the clients (browsers). This includes an
HTML form on a Web page or it could also come from an applet or a
custom HTTP client program.
• Read the implicit HTTP request data sent by the clients (browsers). This
includes cookies, media types and compression schemes the browser
understands, and so forth.
• Process the data and generate the results. This process may require
talking to a database, executing an RMI or CORBA call, invoking a Web
service, or computing the response directly.
• Send the explicit data (i.e., the document) to the clients (browsers). This
document can be sent in a variety of formats, including text (HTML or
XML), binary (GIF images), Excel, etc.
• Send the implicit HTTP response to the clients (browsers). This includes
telling the browsers or other clients what type of document is being
returned (e.g., HTML), setting cookies and caching parameters, and
other such tasks.
 Packages
• Java Servlets are Java classes run by a web server that has an
interpreter that supports the Java Servlet specification.

• The [Link] and [Link] packages provide

interfaces and classes for writing servlets.

• All servlets must implement the Servlet interface, which

defines lifecycle methods.

• When implementing a generic service, you can use or extend

the GenericServlet class provided with the Java Servlet API.

• The HttpServlet class provides methods, such as doGet and

doPost, for handling HTTP-specific services.
 Servlet Interface
• Servlet interface provides common behaviour to
all the servlets.

• Servlet interface needs to be implemented for

creating any servlet (either directly or indirectly).

• It provides 3 life cycle methods that are used to

initialize the servlet, to service the requests, and
to destroy the servlet.
Methods of Servlet interface
GenericServlet class:
• GenericServlet class implements Servlet,
ServletConfig and Serializable interfaces. It provides the
implementaion of all the methods of these interfaces except the
service method.
• GenericServlet class can handle any type of request so it is
protocol-independent.
• You may create a generic servlet by inheriting the GenericServlet
class and providing the implementation of the service method

HttpServlet class:

• The HttpServlet class extends the GenericServlet class and

implements Serializable interface.
• HttpServlet defines a HTTP protocol specific servlet
 Servlet LifeCycle
• The lifecycle of a servlet is controlled by the
container in which the servlet has been deployed.
• When a request is mapped to a ser vlet, the
container performs the following steps.
1. If an instance of the servlet does not exist, the web
container
• Loads the servlet class.
• Creates an instance of the servlet class.
• Initializes the servlet instance by calling the init() method.
2. Invokes the service() method, passing request and
response objects.
3. If it needs to remove the servlet, the container finalizes
the servlet by calling the servlet’s destroy() method.
 Init() method
• Init(): is designed to be called only once. It is called
when the servlet is first created, and not called again
for each user request.

• When a user invokes a servlet, a single instance of

each servlet gets created, with each user request
resulting in a new thread that is handed off to doGet
or doPost as appropriate.

• The init() method simply creates or loads some data

that will be used throughout the life of the servlet.
 Service() method
• The service() method is the main method to perform
the actual task.
• The servlet container (i.e. web server) calls the
service() method to handle requests coming from the
client( browsers) and to write the formatted response
back to the client.
• Each time the server receives a request for a servlet,
the server spawns a new thread and calls service.
• The service() method checks the HTTP request type
(GET, POST, PUT, DELETE, etc.) and calls doGet, doPost,
doPut, doDelete, etc. methods as appropriate.
• doGet() Method
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
// Servlet code
}

• doPost() Method
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
// Servlet code
}

• destroy() method: The destroy() method is called only once

at the end of the life cycle of a servlet.
– This method gives your servlet a chance to close database
connections, halt background threads, write cookie lists or hit
counts to disk, and perform other such cleanup activities

public void destroy() { // Finalization code... }

 HTTP Specific Request Handling Methods

The HttpServlet abstract subclass adds additional methods beyond the basic
Servlet interface that are automatically called by the service method in the
HttpServlet class to aid in processing HTTP-based requests.
These methods are

• doGet for handling HTTP GET requests

• doPost for handling HTTP POST requests
• doPut for handling HTTP PUT requests
• doDelete for handling HTTP DELETE requests
• doHead for handling HTTP HEAD requests
• doOptions for handling HTTP OPTIONS requests
• doTrace for handling HTTP TRACE requests
1. First the HTTP requests coming to the server are delegated to the servlet
container.
2. The servlet container loads the servlet before invoking the service() method.
3. Then the servlet container handles multiple requests by spawning multiple
threads, each thread executing the service() method of a single instance of the
servlet
Web application directory structure
 Deployment Descriptor ([Link] file)
The deployment descriptor is an xml file, from which Web Container gets the
information about the servlet to be invoked.

• <web-app>
• <servlet>
• <servlet-name>Hello</servlet-name>
• <servlet-class>DemoServlet</servlet-class>
• </servlet>
•
• <servlet-mapping>
• <servlet-name>Hello</servlet-name>
• <url-pattern>/welcome</url-pattern>
• </servlet-mapping>
• </web-app>
 How web container handles the
servlet request?
The web container is responsible to handle the request. Let's see
how it handles the request.
• maps the request with the servlet in the [Link] file.
• creates request and response objects for this request
• calls the service method on the thread
• The public service method internally calls the protected service
method
• The protected service method calls the doGet method
depending on the type of request.
• The doGet method generates the response and it is passed to
the client.
• After sending the response, the web container deletes the
request and response objects. The thread is contained in the
thread pool or deleted depends on the server implementation.
 Get () Method
• The GET method sends the encoded user
information appended to the page request.
• The page and the encoded information are separated
by the ? character as follows:
Example: [Link]
– The GET method is the defualt method to pass
information from browser to web server and it produces a
long string that appears in your browser.
– Never use the GET method if you have password or other
sensitive information to pass to the server.
– The GET method has size limitation: only 1024 characters
can be in a request string.
 POST() Method
• A generally more reliable method of passing
information to a backend program is the POST
method.
• This packages the information in exactly the same
way as GET methods, but instead of sending it as a
text string after a ? in the URL it sends it as a
separate message.
• This message comes to the backend program in the
form of the standard input which you can parse and
use for your processing.
GET() & POST()
 Reading Form data using Servlet
• Servlets handles form data parsing automatically
using the following methods depending on the
situation:
– getParameter(): You call [Link]()
method to get the value of a form parameter.
– getParameterValues(): Call this method if the
parameter appears more than once and returns
multiple values, for example checkbox.
– getParameterNames(): Call this method if you want a
complete list of all parameters in the current request.
100-199 Information
200-299 Successfully processed
300-399 Redirection
400-499 Problem with Client Request
500-599 Internal problem of server

Ex: 403-Access denied, 404-File not found

 Client HTTP Request
Header Description
This header specifies the MIME types that the browser or other clients
Accept can handle. Values of image/png or image/jpeg are the two most
common possibilities.
This header specifies the character sets the browser can use to display
Accept-Charset
the information. For example ISO-8859-1.
This header specifies the types of encodings that the browser knows
Accept-Encoding how to handle. Values of gzip or compress are the two most common
possibilities.
This header specifies the client's preferred languages in case the
Accept-Language servlet can produce results in more than one language. For example en,
en-us, ru, etc.
This header is used by clients to identify themselves when accessing
Authorization
password-protected Web pages.
This header indicates whether the client can handle persistent HTTP
connections. Persistent connections permit the client or other browser
Connection
to retrieve multiple files with a single request. A value of Keep-Alive
means that persistent connections should be used
This header is applicable only to POST requests and gives the size of
Content-Length
the POST data in bytes.
 Client HTTP Request
Header Description
This header returns cookies to servers that previously sent them to the
Cookie
browser.
Host This header specifies the host and port as given in the original URL.
This header indicates that the client wants the page only if it has been
If-Modified-Since changed after the specified date. The server sends a code, 304 which
means Not Modified header if no newer result is available.
This header is the reverse of If-Modified-Since; it specifies that the
If-Unmodified-Since operation should succeed only if the document is older than the
specified date.
This header indicates the URL of the referring Web page. For example,
if you are at Web page 1 and click on a link to Web page 2, the URL of
Referer
Web page 1 is included in the Referer header when the browser
requests Web page 2.
This header identifies the browser or other client making the request
User-Agent and can be used to return different content to different types of
browsers.
 Server HTTP Response
Header Description
This header specifies the request methods (GET, POST, etc.) that
Allow
the server supports.
This header specifies the circumstances in which the response
document can safely be cached. It can have values public,
private or no-cache etc. Public means document is cacheable,
Cache-Control
Private means document is for a single user and can only be
stored in private (nonshared) caches and no-cache means
document should never be cached.
This header instructs the browser whether to use persistent in
HTTP connections or not. A value of close instructs the browser
Connection
not to use persistent HTTP connections and keep-alive means
using persistent connections.
This header lets you request that the browser ask the user to
Content-Disposition
save the response to disk in a file of the given name.
This header specifies the way in which the page was encoded
Content-Encoding
during transmission.
This header signifies the language in which the document is
Content-Language
written. For example en, en-us, ru, etc.
Server Header Description

Content-Length
Server HTTP Response
This header indicates the number of bytes in the response. This information
is needed only if the browser is using a persistent (keep-alive) HTTP
connection.
This header gives the MIME (Multipurpose Internet Mail Extension) type of
Content-Type
the response document.
This header specifies the time at which the content should be considered
Expires
out-of-date and thus no longer be cached.
This header indicates when the document was last changed. The client can
Last-Modified then cache the document and supply a date by an If-Modified-Since request
header in later requests.
This header should be included with all responses that have a status code in
Location the 300s. This notifies the browser of the document address. The browser
automatically reconnects to this location and retrieves the new document.
This header specifies how soon the browser should ask for an updated page.
Refresh You can specify time in number of seconds after which a page would be
refreshed.
This header can be used in conjunction with a 503 (Service Unavailable)
Retry-After
response to tell the client how soon it can repeat its request.
Set-Cookie This header specifies a cookie associated with the page.