CMU 08-672 J2EE Web Development course notes; some of the English content is excerpted from the course slides.
URL – Uniform Resource Locator: Specifies the location of the resource
Newer: URI – Universal Resource Identifier
–Identifies the resource
– Recognizes it’s not necessarily correlated to a location
HTML (HyperText Markup Language): Mixes the structure of the document with the formatting
XML: Only structure, no formatting
XHTML: a standardization of HTML, more restrictive and well-formed in structure
CSS: Separate document structure from formatting
Servlets & Tomcat
Java runtime environment
In web browsers: using Applets
In web servers: using Servlets
Advantages of Server-side Java
• No Java version mismatch
– Just generate HTML
• No long download problems
– Many “real” apps have many big .class files
• Right way to access server data
– Secure: Your program, running on your server
– Fast: Your program, running on your server
Apache Tomcat: an open source implementation of the Java Servlet
Tomcat Server Structure
• It’s the same loop as any HTTP Server:
    while (true) {
        request = readHttpRequest(...);
        response = processHttpRequest(request);
        sendHttpResponse(..., response);
    }
• Request is an object that contains all the info about the HTTP Request
• Response is an object containing info needed to send the HTTP Response
Sessions & Cookies
• Server sends cookies to browser in HTTP Response
• Cookies are server generated data
– Typically identify the user (or browser), preferences, etc.
• Browser does not “understand” the cookie data
• Browser sends cookies back in subsequent requests
– Server will now know “who” is making the request
Problems with cookies:
Sessions
• Maintain data correlated with browser session
• Cookies are typically used to implement sessions
– A session id is stored in the cookie
• It’s big and ugly
– Maintains a list of (name, object) pairs in the server
• Implemented by HttpSession class
– Handles stale sessions
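The session mechanism listed above, as an added example that is not from the course slides and is not Tomcat's HttpSession code: the cookie carries only a random id, the (name, object) pairs stay on the server, and stale sessions are dropped. The class name `SessionStoreDemo`, the 30-minute timeout and the sample user are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: a hypothetical in-memory session store, not Tomcat's HttpSession.
public class SessionStoreDemo {
    // One server-side session: (name, object) pairs plus the time of last use.
    static final class Session {
        final Map<String, Object> attributes = new ConcurrentHashMap<>();
        volatile long lastAccessMillis;
        Session(long now) { lastAccessMillis = now; }
    }

    private static final long TIMEOUT_MILLIS = 30 * 60 * 1000L; // assumed idle timeout
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    // Create a session; the returned id is the only value placed in the cookie.
    String create(long now) {
        byte[] raw = new byte[16]; // 128 random bits: "big and ugly" so it cannot be guessed
        random.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Session(now));
        return id;
    }

    // Look up the session for a cookie value; unknown or stale ids yield null.
    Session lookup(String idFromCookie, long now) {
        if (idFromCookie == null) return null;
        Session s = sessions.get(idFromCookie);
        if (s == null) return null;
        if (now - s.lastAccessMillis > TIMEOUT_MILLIS) {
            sessions.remove(idFromCookie); // stale session: discard its server-side data
            return null;
        }
        s.lastAccessMillis = now;
        return s;
    }

    public static void main(String[] args) {
        SessionStoreDemo store = new SessionStoreDemo();
        long t0 = System.currentTimeMillis();
        String id = store.create(t0); // sent to the browser in a cookie
        store.lookup(id, t0).attributes.put("userName", "alice"); // constructed sample data
        System.out.println("cookie value:  " + id);
        System.out.println("same browser:  " + store.lookup(id, t0 + 1000).attributes);
        System.out.println("unknown id:    " + store.lookup("AAAAAAAAAAAAAAAAAAAAAA", t0 + 1000));
        System.out.println("after timeout: " + store.lookup(id, t0 + 1000 + TIMEOUT_MILLIS + 1));
    }
}
```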
ORM: Object Relation Mapping
JavaBean:
• In simplest terms:
– An instance of a Java class with getter and setter methods
• When using JavaBeans for storing data
– Private instance variables hold the data
– Getters and setters provide data access
Example JavaBean to Store a User
    public class User {
        // Private instance variables hold the data
        private String userName;
        private String password;

        // Getters and setters provide data access
        public String getUserName() { return userName; }
        public String getPassword() { return password; }
        public void setUserName(String s) { userName = s; }
        public void setPassword(String s) { password = s; }
    }
Security
– Man-in-the-middle Attack
• Someone that can intercept network traffic
• Can read the messages (coming and going)
• Can change the messages before sending them on (to the correct or incorrect destination)
– Sniffing
– Spoofing
• Pretending to be someone you’re not
Public Key: Key Pair(key1 & key2)
– Either key can be used to encrypt (key 1 or key 2)
– You can only decrypt using the “other key” (key 2 or key 1)
– One key is given out (the public key)
– The other key is kept secret (the private key)
Secret Key:
– Shared Secret
– Used to encrypt and decrypt
Certificate Authority
• A Certificate Authority (CA) tells you what someone’s (something’s) public key is
– Usually this will be a server’s public key
• Companies get paid to do this
– They “check out” the information
– They issue a “certificate” with the information
• The CA’s public key is well-known
– It’s usually pre-installed with server and client software (i.e., it’s in your browser already)
Ajax
Asynchronous JavaScript And XML
• AJAX is a technique for creating more interactive web applications
– Use an XMLHttpRequest object to make requests to the web server for data asynchronously (or synchronously)
– Receive server data as XML (or text or JSON)
– Convert the XML into a DOM tree
– Extract data from the XML DOM tree and change the HTML document’s DOM tree (thereby updating the page)
AJAX Advantages
• More interactive web sites
– The page is not reloaded
• You only change parts of the page
– Requests can be executed asynchronously
• So the user can continue to interact with the page during requests to the server
• Reduces load on server
– A lot of the formatting of the result is offloaded to the client browser