英文文獻及翻譯Servlet和JSP技術簡述

1、An Overview of Servlet and JSP TechnologyNagle ,WiegleyAbstract: Servlet program running in the server-side, dynamically generated Web page with the traditional CGI and many other similar compared to CGI technology, Java Servlet with a more efficient, easier to use, more powerful and has better port

2、ability, more savings to invest. .Keywords: JSP Technology;Servlet;HTTP server1. A Servlet's JobServlets are Java programs that run on Web or application servers, acting as a middle layer between requests coming from Web browsers or other HTTP clients and databases or applications on the HTTP se

3、rver. Their job is to perform the following tasks, as illustrated in Figure 1-1.Figure 1-1 Web middleware role1.1 Read the explicit data sent by the client.The end user normally enters this data in an HTML form on a Web page. However, the data could also come from an applet or a custom HTTP client p

4、rogram.1.2 Read the implicit HTTP request data sent by the browser.Figure 1-1 shows a single arrow going from the client to the Web server (the layer where servlets and JSP execute), but there are really two varieties of data: the explicit data that the end user enters in a form and the behind-the-s

5、cenes HTTP information. Both varieties are critical. The HTTP information includes cookies, information about media types and compression schemes the browser understands, and so on.1.3 Generate the results.This process may require talking to a database, executing an RMI or EJB call, invoking a Web s

6、ervice, or computing the response directly. Your real data may be in a relational database. Fine. But your database probably doesn't speak HTTP or return results in HTML, so the Web browser can't talk directly to the database. Even if it could, for security reasons, you probably would not wa

7、nt it to. The same argument applies to most other applications.You need the Web middle layer to extract the results inside a document.1.4 Send the explicit data (i.e., the document) to the client.This document can be sent in a variety of formats, including text (HTML or XML), binary (GIF images), or

8、 even a compressed format like gzip that is layered on top of some other underlying format. But, HTML is by far the most common format, so an important servlet/JSP task is to wrap the results inside of HTML.1.5 Send the implicit HTTP response data.Figure 1-1 shows a single arrow going from the Web m

9、iddle layer (the servlet or JSP page) to the client. But, there are really two varieties of data sent: the document itself and the behind-the-scenes HTTP information. Again, both varieties are critical to effective development. Sending HTTP response data involves telling the browser or other client

10、what type of document is being returned (e.g., HTML), setting cookies and caching parameters, and other such tasks. 2 Why Build Web Pages Dynamically?many client requests can be satisfied by prebuilt documents, and the server would handle these requests without invoking servlets. In many cases, howe

11、ver, a static result is not sufficient, and a page needs to be generated for each request. There are a number of reasons why Web pages need to be built on-the-fly:2.1 The Web page is based on data sent by the client.For instance, the results page from search engines and order-confirmation pages at o

12、nline stores are specific to particular user requests. You don't know what to display until you read the data that the user submits. Just remember that the user submits two kinds of data: explicit (i.e., HTML form data) and implicit (i.e., HTTP request headers). Either kind of input can be used

13、to build the output page. In particular, it is quite common to build a user-specific page based on a cookie value.2.2 The Web page is derived from data that changes frequently.If the page changes for every request, then you certainly need to build the response at request time. If it changes only per

14、iodically, however, you could do it two ways: you could periodically build a new Web page on the server (independently of client requests), or you could wait and only build the page when the user requests it. The right approach depends on the situation, but sometimes it is more convenient to do the

15、latter: wait for the user request. For example, a weather report or news headlines site might build the pages dynamically, perhaps returning a previously built page if that page is still up to date.2.3 The Web page uses information from corporate databases or other server-side sources.If the informa

16、tion is in a database, you need server-side processing even if the client is using dynamic Web content such as an applet. Imagine using an applet by itself for a search engine site:"Downloading 50 terabyte applet, please wait!" Obviously, that is silly; you need to talk to the database. Go

17、ing from the client to the Web tier to the database (a three-tier approach) instead of from an applet directly to a database (a two-tier approach) provides increased flexibility and security with little or no performance penalty. After all, the database call is usually the rate-limiting step, so goi

18、ng through the Web server does not slow things down. In fact, a three-tier approach is often faster because the middle tier can perform caching and connection pooling.In principle, servlets are not restricted to Web or application servers that handle HTTP requests but can be used for other types of

19、servers as well. For example, servlets could be embedded in FTP or mail servers to extend their functionality. And, a servlet API for SIP (Session Initiation Protocol) servers was recently standardized (see /en/jsr/detail?id=116). In practice, however, this use of servlets has not caugh

20、t on, and we'll only be discussing HTTP servlets.3 The Advantages of Servlets Over "Traditional" CGIJava servlets are more efficient, easier to use, more powerful, more portable, safer, and cheaper than traditional CGI and many alternative CGI-like technologies.3.1 EfficientWith tradit

21、ional CGI, a new process is started for each HTTP request. If the CGI program itself is relatively short, the overhead of starting the process can dominate the execution time. With servlets, the Java virtual machine stays running and handles each request with a lightweight Java thread, not a heavywe

22、ight operating system process. Similarly, in traditional CGI, if there are N requests to the same CGI program, the code for the CGI program is loaded into memory N times. With servlets, however, there would be N threads, but only a single copy of the servlet class would be loaded. This approach redu

23、ces server memory requirements and saves time by instantiating fewer objects. Finally, when a CGI program finishes handling a request, the program terminates. This approach makes it difficult to cache computations, keep database connections open, and perform other optimizations that rely on persiste

24、nt data. Servlets, however, remain in memory even after they complete a response, so it is straightforward to store arbitrarily complex data between client requests.3.2 ConvenientServlets have an extensive infrastructure for automatically parsing and decoding HTML form data, reading and setting HTTP

25、 headers, handling cookies, tracking sessions, and many other such high-level utilities. In CGI, you have to do much of this yourself. Besides, if you already know the Java programming language, why learn Perl too? You're already convinced that Java technology makes for more reliable and reusabl

26、e code than does Visual Basic, VBScript, or C+. Why go back to those languages for server-side programming?3.3 PowerfulServlets support several capabilities that are difficult or impossible to accomplish with regular CGI. Servlets can talk directly to the Web server, whereas regular CGI programs can

27、not, at least not without using a server-specific API. Communicating with the Web server makes it easier to translate relative URLs into concrete path names, for instance. Multiple servlets can also share data, making it easy to implement database connection pooling and similar resource-sharing opti

28、mizations. Servlets can also maintain information from request to request, simplifying techniques like session tracking and caching of previous computations.3.4 PortableServlets are written in the Java programming language and follow a standard API. Servlets are supported directly or by a plugin on

29、virtually every major Web server. Consequently, servlets written for, say, Macromedia JRun can run virtually unchanged on Apache Tomcat, Microsoft Internet Information Server (with a separate plugin), IBM WebSphere, iPlanet Enterprise Server, Oracle9i AS, or StarNine WebStar. They are part of the Ja

30、va 2 Platform, Enterprise Edition (J2EE; see so industry support for servlets is becoming even more pervasive.3.5 InexpensiveA number of free or very inexpensive Web servers are good for development use or deployment of low- or medium-volume Web sites. Thus, with servlets and JSP you can start with

31、a free or inexpensive server and migrate to more expensive servers with high-performance capabilities or advanced administration utilities only after your project meets initial success. This is in contrast to many of the other CGI alternatives, which require a significant initial investment for the

32、purchase of a proprietary package.Price and portability are somewhat connected. For example, Marty tries to keep track of the countries of readers that send him questions by email. India was near the top of the list, probably behind the U.S. Marty also taught one of his JSP and servlet training cour

33、ses (see in Manila, and there was great interest in servlet and JSP technology there.Now, why are India and the Philippines both so interested? We surmise that the answer is twofold. First, both countries have large pools of well-educated software developers. Second, both countries have (or had, at

34、that time) highly unfavorable currency exchange rates against the U.S. dollar. So, buying a special-purpose Web server from a U.S. company consumed a large part of early project funds.But, with servlets and JSP, they could start with a free server: Apache Tomcat (either standalone, embedded in the r

35、egular Apache Web server, or embedded in Microsoft IIS). Once the project starts to become successful, they could move to a server like Caucho Resin that had higher performance and easier administration but that is not free. But none of their servlets or JSP pages have to be rewritten. If their proj

36、ect becomes even larger, they might want to move to a distributed (clustered) environment. No problem: they could move to Macromedia JRun Professional, which supports distributed applications (Web farms). Again, none of their servlets or JSP pages have to be rewritten. If the project becomes quite l

37、arge and complex, they might want to use Enterprise JavaBeans (EJB) to encapsulate their business logic. So, they might switch to BEA WebLogic or Oracle9i AS. Again, none of their servlets or JSP pages have to be rewritten. Finally, if their project becomes even bigger, they might move it off of the

38、ir Linux box and onto an IBM mainframe running IBM WebSphere. But once again, none of their servlets or JSP pages have to be rewritten.3.6 SecureOne of the main sources of vulnerabilities in traditional CGI stems from the fact that the programs are often executed by general-purpose operating system

39、shells. So, the CGI programmer must be careful to filter out characters such as backquotes and semicolons that are treated specially by the shell. Implementing this precaution is harder than one might think, and weaknesses stemming from this problem are constantly being uncovered in widely used CGI

40、libraries.A second source of problems is the fact that some CGI programs are processed by languages that do not automatically check array or string bounds. For example, in C and C+ it is perfectly legal to allocate a 100-element array and then write into the 999th "element," which is reall

41、y some random part of program memory. So, programmers who forget to perform this check open up their system to deliberate or accidental buffer overflow attacks.Servlets suffer from neither of these problems. Even if a servlet executes a system call (e.g., with Runtime.exec or JNI) to invoke a progra

42、m on the local operating system, it does not use a shell to do so. And, of course, array bounds checking and other memory protection features are a central part of the Java programming language.3.7 MainstreamThere are a lot of good technologies out there. But if vendors don't support them and de

43、velopers don't know how to use them, what good are they? Servlet and JSP technology is supported by servers from Apache, Oracle, IBM, Sybase, BEA, Macromedia, Caucho, Sun/iPlanet, New Atlanta, ATG, Fujitsu, Lutris, Silverstream, the World Wide Web Consortium (W3C), and many others. Several low-c

44、ost plugins add support to Microsoft IIS and Zeus as well. They run on Windows, Unix/Linux, MacOS, VMS, and IBM mainframe operating systems. They are the single most popular application of the Java programming language. They are arguably the most popular choice for developing medium to large Web app

45、lications. They are used by the airline industry (most United Airlines and Delta Airlines Web sites), e-commerce (), online banking (First USA Bank, Banco Popular de Puerto Rico), Web search engines/portals (), large financial sites (American Century Investments), and hundreds of other sites that yo

46、u visit every day.Of course, popularity alone is no proof of good technology. Numerous counter-examples abound. But our point is that you are not experimenting with a new and unproven technology when you work with server-side Java.References：1Clifton G.M. Branham, Arthur Jonathan .Servlets and JSP i

47、n an undergraduate database courseJ.Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications,2003(3):1490-1496.2Kirkegaard, Christian.Static analysis for Java servlets and JSPJ.Lecture Notes in Computer Science (including subseries Lecture Notes

48、in Artificial Intelligence and Lecture Notes in Bioinformatics),2006(4):336-352.3Nakaike,Takuya.JSP Splitting for improving execution performanceJ.Proceedings - International Symposium on Applications and the Internet,20048:117-126.4Hassan, Doaa .Developing a security typed java servletJ.Proceedings

49、 - The 4th International Symposium on Information Assurance and Security,2008(10):215-220.Servlet和JSP技術簡述Nagle ，Wiegley摘要：Servlet程序在服務器端運行，動態(tài)地生成Web頁面與傳統(tǒng)的CGI和許多其他類似CGI的技術相比，Java Servlet具有更高的效率，更容易使用，功能更強大，具有更好的可移植性，更節(jié)省投資。關鍵字：JSP技術；Servlet；HTTP服務1Servlet的功能Servlet是運行在Web或應用服務器上的Java程序，它是一個中間層，負責連接來自We

50、b瀏覽器或其他HTTP客戶程序的請求和HTTP服務器上的數(shù)據庫或應用程序。Servlet的工作是執(zhí)行西門的任務，如圖1.1所示 。圖1.1Web中間件的作用1.1讀取客戶發(fā)送的顯式數(shù)據最終用戶一般在頁面的HTML表單中輸入這些數(shù)據。然而，數(shù)據還有可能來自applet或定制的HTTP客戶程序。1.2讀取由瀏覽器發(fā)送的隱式請求數(shù)據圖1.1中顯示了一條從客戶端到Web服務器的單箭頭，但實際上從客戶端傳送到Web服務器的數(shù)據有兩種，它們分別為用戶在表單中輸入的顯式數(shù)據，以及后臺的HTTP信息。兩種數(shù)據都很重要。HTTP信息包括cookie、瀏覽器所能識別的媒體類型和壓縮模式等。1.3生成結果這個過程可

51、能需要訪問數(shù)據庫、執(zhí)行RMI或EJB調用、調用Web服務，或者直接計算得出對應的響應。實際的數(shù)據可能存儲在關系型數(shù)據庫中。該數(shù)據庫可能不理解HTTP，或者不能返回HTML形式的結果，所有Web瀏覽器不能直接與數(shù)據庫進行會話。即使它能夠做到這一點，為了安全上的考慮，我們也不希望讓它這么做。對應大多數(shù)其他應用程序，也存在類似的問題。因此，我們需要Web中間層從HTTP流中提取輸入數(shù)據，與應用程序會話，并將結果嵌入到文檔中。1.4向客戶發(fā)送顯式數(shù)據（即文檔）這個文檔可以用各種格式發(fā)送，包括文本（HTML或XML），二進制（GIF圖），甚至可以式建立在其他底層格式之上的壓縮格式，如gzip。但是，到目

52、前為止，HTML式最常用的格式，故而servelt和JSP的重要任務之一就式將結果包裝到HTML中。1.5發(fā)送隱式的HTTP響應數(shù)據圖1.1中顯示了一條從Web中間層到客戶端的單箭頭。但是，實際發(fā)送的數(shù)據有兩種：文檔本身，以及后臺的HTTP信息。同樣，兩種數(shù)據對開發(fā)來說都式至關重要的。HTTP響應數(shù)據的發(fā)送過程涉及告知瀏覽器或其他客戶程序所返回文檔的類型（如HTML），設置cookie和緩存參數(shù)，以及其他類似的任務。2動態(tài)構建網頁的原因預先建立的文檔可以滿足客戶的許多請求，服務器無需調用servlet就可以處理這些請求。然而，許多情況下靜態(tài)的結果不能滿足要求，我們需要針對每個請求生成一個頁面。

53、實時構建頁面的理由有很多種：2.1網頁基于客戶發(fā)送的數(shù)據例如，搜索引擎生成的頁面，以及在線商店的訂單確認頁面，都要針對特定的用戶請求而產生。在沒有讀取到用戶提交的數(shù)據之前，我們不知道應該顯示什么。要記住，用戶提交兩種類型的數(shù)據：顯示（即HTML表單的數(shù)據）和隱式（即HTTP請求的報頭）。兩種輸入都可用來構建輸出頁面?；赾ookie值針對具體用戶構建頁面的情況尤其普遍。2.2頁面由頻繁改變的數(shù)據導出如果頁面需要根據每個具體的請求做出相應的改變，當然需要在請求發(fā)生時構建響應。但是，如果頁面周期性地改變，我們可以用兩種方式來處理它：周期性地在服務器上構建新的頁面（和客戶請求無關），或者僅僅在用戶請

54、求該頁面時再構建。具體應該采用哪種方式要根據具體情況而定，但后一種方式常常更為方便，因為它只需簡單地等待用戶的請求。例如，天氣預報或新聞網站可能會動態(tài)地構建頁面，也有可能會返回之前構建的頁面（如果它還是最新的話）。2.3頁面中使用了來自公司數(shù)據庫或其他數(shù)據庫斷數(shù)據源的信息如果數(shù)據存儲在數(shù)據庫中，那么，即使客戶端使用動態(tài)Web內容，比如applet，我們依舊需要執(zhí)行服務器端處理。想象以下，如果一個搜索引擎網站完全使用applet，那么用戶將會看到：“正在下載50TB的applet，請等待！”。顯然，這樣很愚蠢；這種情況下，我們需要與數(shù)據庫進行會話。從客戶端到Web層再到數(shù)據庫（三層結構），要比從

55、applet直接到數(shù)據庫（二層結構）更靈活，也更安全，而性能上的損失很少甚至沒有。畢竟數(shù)據庫調用通常是對速度影響最大的步驟，因而，經過中間層可以執(zhí)行高速緩存和連接共享。理論上講，servelt并非只用于處理HTTP請求的Web服務器或應用服務器，它同樣可以用于其他類型的服務器。例如，servlet能夠嵌入到FTP或郵件服務器中，擴展他們的功能。而且，用于會話啟動協(xié)議服務器的servlet API最近已經被標準化（參見/en/jsr/detail?id=116）。但在實踐中，servelt的這種用法尚不流行，在此，我們只論述HTTP Servlet。3Servlet相對

56、于“傳統(tǒng)”CGI的優(yōu)點和傳統(tǒng)CGI及許多類CGI技術相比，Java servelt效率更高、更易用、更強大、更容易移植、更安全、也更廉價。3.1效率 應用傳統(tǒng)的CGI，針對每個HTTP請求都用啟動一個新的進程。如果CGI程序自身相對比較簡短，那么啟動進程的開銷會占用大部分執(zhí)行時間。而使用servelt，Java虛擬機會一直運行，并用輕量級的Java線程處理每個請求，而非重量級的操作系統(tǒng)進程。類似地，應用傳統(tǒng)的CGI技術，如果存在對同一CGI程序的N個請求，那么CGI程序的代碼會載入內存N次。同樣的情況，如果使用servlet則啟動N個線程，單僅僅載入servlet類的單一副本。這種方式減少了服

57、務器的內存需求，通過實例化更少的對象從而節(jié)省了時間。最后，當CGI程序結束對請求的處理之后，程序結束。這種方式難以緩存計算結果，保持數(shù)據庫連接打開，或是執(zhí)行依靠持續(xù)性數(shù)據的其他優(yōu)化。然而，servelt會一直停留在內存中（即使請求處理完畢），因而可以直接存儲客戶請求之間的任意復雜數(shù)據。3.2便利Servelt提供大量的基礎構造，可以自動分析和解碼HTML的表單數(shù)據，讀取和設置HTTP報頭，處理cookie，跟蹤會話，以及其他次類高級功能。而在CGI中，大部分工作都需要我們資金完成。另外，如果您已經了解了Java編程語言，為什么還有學校Perl呢？您已經承認應用Java技術編寫的代碼要比Visu

58、al Basic，VBScript或C編寫的代碼更可靠，且更易重用，為什么還有倒退回去選擇那些語言來開發(fā)服務器端的程序呢？3.3強大 Servlet支持常規(guī)CGI難以實現(xiàn)或根本不能實現(xiàn)的幾項功能。Servlet能夠直接于Web服務器對話，而常規(guī)的CGI程序做不到這一點，至少在不使用服務器專有API的情況下是這樣。例如，與Web服務器的通信使得講相對URL轉換成具體的路徑名變得更為容易。多個servelt還可以共享數(shù)據，從而易于實現(xiàn)數(shù)據庫連接共享和類似的資源共享優(yōu)化。Servelt還能維護請求之間的信息，使得諸如會話跟蹤和計算結果緩存等技術變得更為簡單。3.4可移植性Servelt使用Java編

59、程語言，并且遵循標準的API。所有主要的Web服務器。實際上都直接或通過插件支持servlet。因此。為Macromedia JRun編寫的servlet，可以不經過任何修改地在Apache Tomcat，Microsoft Internet Information Server，IBM WebSphere 。iPlanet Enterprise Server。Oracle9i AS 或者StrNine WebStar上運行。他們是java2平臺企業(yè)版的一部分，所以對servlet的支持越來越普遍。3.5廉價對于開發(fā)用的網站、低容量或中等容量網站的部署，有大量免費或極為廉價的Web服務器可供選擇。因此，通過使用servelt和