Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on...
-
date post
22-Dec-2015 -
Category
Documents
-
view
221 -
download
0
Transcript of Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on...
![Page 1: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/1.jpg)
Cooperation between applets and servletsCooperation between applets and servlets
![Page 2: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/2.jpg)
AppletsApplets Applets runs on the clientsside, the servlet on
the server side Suitable for presentations and logic that belongs
on the client, for example:Advanced graphics or animationSpecial GUI controls (eg. WYSIWYG editor)
Problem: how does applets and servlets communicate
![Page 3: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/3.jpg)
ConstraintsConstraints
Applets runs in a sandbox,therefore limitations. Can only contact the network resource from
which the applet originated. The applet can therefore only retreive
information from its ”home”.
![Page 4: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/4.jpg)
Technique 1: control the applet from the server
Technique 1: control the applet from the server
![Page 5: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/5.jpg)
Technique : configurable appletTechnique : configurable applet
<html> <head> <title>Drawing applet examplel</title> </head>
<body> <applet width="300"
height="200" code=”drawing.class"> <param name=”drawing" value="0-255-255-255-0-0; 5-0-0-300-200-0; 0-255-0-0-0-0;
1-18-18-188-288-0; 1-20-10-400-10-0; 5-45-29-22-23-3;frode; 4-200-30-0-0-my name is frode"> </applet> </body></html>
![Page 6: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/6.jpg)
The AppletThe Appletimport java.util.*;import java.awt.*;import java.applet.*;
public class drawing extends Applet { String drawing; public void init() { // retreive drawing parameters from the server drawing = getParameter(”drawing"); } public void paint(Graphics g) { parseTegning(g); }
![Page 7: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/7.jpg)
public void parseDrawing(Graphics g) { // retreive all commands StringTokenizer commands = new StringTokenizer(drawing,";"); while (commands.hasMoreElements()) { try { int op, arg1, arg2, arg3 = 0, arg4 = 0; String arg5 = ""; String fullcommand = commands.nextToken(); // tokenize the command StringTokenizer parts = new StringTokenizer(fullcommand,"-"); op = Integer.parseInt(parts.nextToken()); arg1 = Integer.parseInt(parts.nextToken()); arg2 = Integer.parseInt(parts.nextToken()); arg3 = Integer.parseInt(parts.nextToken()); arg4 = Integer.parseInt(parts.nextToken()); arg5 = parts.nextToken(); draw(g,op,arg1,arg2,arg3,arg4,arg5); } catch (Exception e) { // Syntax errors that occur in command input are ignored in this example } } }
![Page 8: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/8.jpg)
public void draw(Graphics g,int op,int a1, int a2,int a3,int a4,String a5) { switch (op) { case 0: g.setColor(new Color(a1,a2,a3)); break; case 1: g.drawLine(a1,a2,a3,a4); break; case 2: g.drawOval(a1,a2,a3,a4); break; case 3: g.drawRect(a1,a2,a3,a4); break; case 4: g.drawString(a5,a1,a2); break; case 5: g.fillRect(a1,a2,a3,a4); break; case 6: g.fillOval(a1,a2,a3,a4); break; } }
![Page 9: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/9.jpg)
Technique 2: the applet contact the serverTechnique 2: the applet contact the server
![Page 10: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/10.jpg)
Functionality: user clicksAnd the text follows
<html> <head> <title>Drawing applet example</title> </head>
<body> <applet width="300"
height="200" code="dynamicdrawing.class"> <param name=”source" value="/drawing.jsp"> </applet> </body></html>
![Page 11: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/11.jpg)
drawing.jspdrawing.jsp
<% response.setHeader(”drawing", "1-10-10-100-100-0;1-100-10-20-200-0;4-"
+request.getParameter("x")+"-"+request.getParameter("y") +"-0-0-Hi here I am");%>
![Page 12: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/12.jpg)
public void init() { kilde = getParameter(”source"); contactServer(-1,-1); addMouseListener(this); }
public void contactServer(int x,int y) { try { URL server = new URL(getCodeBase().getProtocol(), getCodeBase().getHost(), getCodeBase().getPort(), source+"?x="+x+"&y="+y); URLConnection connection = tjener.openConnection(); connection.setUseCaches(false); drawing = connection.getHeaderField(”drawing"); } catch (Exception e) { } Runtime.getRuntime().gc(); } public void mouseClicked(MouseEvent h) { contactServer(h.getX(),h.getY()); repaint(); }}
![Page 13: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/13.jpg)
Filtering og filtersFiltering og filters
![Page 14: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/14.jpg)
client
ServletJSP-page
filter
filter
filter
filter
request
response
![Page 15: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/15.jpg)
Application areasApplication areas
Catch requests and inspect contect and http-headers
Catch and modify requests before they reach the actual resource (servlet or jsp-page)
Catch responses from resource and inspect content and http-headers
Catch and modify responses from resources
![Page 16: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/16.jpg)
ExamplesExamples
Compression filters Encryption filters Image conversion filters Log and account filters Security and autentication filters XSLT transformation filters
![Page 17: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/17.jpg)
Example 1:Catch and block requests
Example 1:Catch and block requests
![Page 18: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/18.jpg)
package filter;import javax.servlet.*;import javax.servlet.http.*;import java.io.*;public class IEfilter implements Filter { private FilterConfig filterConfig;
public void setFilterConfig(final FilterConfig filterConfig) { this.filterConfig = filterConfig; } public void doFilter(final ServletRequest request, final ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse res = (HttpServletResponse)response; String browser = req.getHeader( "User-Agent" ); System.out.println(”Before if check "+browser); if ( nettleser.indexOf("IE") == -1 ) { request.setAttribute("filtercheck", ”Approved by frode's filter"); chain.doFilter(request, response); } svar.sendError(res.SC_FORBIDDEN); } public void init(FilterConfig c) { this.filterConfig = c; } public void destroy() { this.filterConfig = null; } }
![Page 19: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/19.jpg)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app> <filter> <filter-name>MSblocker</filter-name> <filter-class>filter.IEfilter</filter-class> </filter>
<filter-mapping> <filter-name>MSblocker</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping></web-app>
![Page 20: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/20.jpg)
Example 2:Filter chaining – avoid html injection
Modifying request
Example 2:Filter chaining – avoid html injection
Modifying request
<h1> <hi>
![Page 21: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/21.jpg)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app><filter>
<filter-name>ltFilter</filter-name> <filter-class>filter.SensureFilterConfig</filter-class> <init-param>
<param-name>find</param-name> <param-value><![CDATA[<]]></param-value>
</init-param><init-param>
<param-name>replace</param-name> <param-value>&lt;</param-value>
</init-param></filter>
<filter> <filter-name>gtFilter</filter-name> <filter-class>filter.SensureFilterConfig</filter-class> <init-param>
<param-name>find</param-name> <param-value><![CDATA[>]]></param-value>
</init-param><init-param>
<param-name>replace</param-name> <param-value><![CDATA[>]]></param-value>
</init-param></filter>
![Page 22: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/22.jpg)
<filter> <filter-name>ampFilter</filter-name> <filter-class>filter.SensureFilterConfig</filter-class> <init-param>
<param-name>find</param-name> <param-value><![CDATA[&]]></param-value>
</init-param><init-param>
<param-name>replace</param-name> <param-value><![CDATA[&]]></param-value>
</init-param></filter>
<filter> <filter-name>quotFilter</filter-name> <filter-class>filter.SensureFilterConfig</filter-class> <init-param>
<param-name>find</param-name> <param-value><![CDATA["]]></param-value>
</init-param><init-param>
<param-name>replace</param-name> <param-value><![CDATA["]]></param-value>
</init-param></filter>
![Page 23: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/23.jpg)
<filter-mapping> <filter-name>ampFilter</filter-name> <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping> <filter-name>ltFilter</filter-name> <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping> <filter-name>gtFilter</filter-name> <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping> <filter-name>quotFilter</filter-name> <url-pattern>*.jsp</url-pattern>
</filter-mapping></web-app>
![Page 24: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/24.jpg)
The FilterThe Filter
![Page 25: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/25.jpg)
package filter;import javax.servlet.*;import javax.servlet.http.*;import java.io.*;import java.util.*;import filter.SensureWrapperConfig;
public class SensureFilterConfig implements Filter { private FilterConfig filterConfig; private String find, replace;
public void setFilterConfig(final FilterConfig filterConfig) { this.filterConfig = filterConfig; }
public void doFilter(final ServletRequest request, final ServletResponse response, FilterChain chain) throws IOException, ServletException { SensureWrapperConfig req = new SensureWrapperConfig((HttpServletRequest)request, find, replace); chain.doFilter(req,response); } public void init(FilterConfig c) { this.filterConfig = c; find = filterConfig.getInitParameter("find"); replace = filterConfig.getInitParameter(”replace"); } public void destroy() { this.filterConfig = null; } }
![Page 26: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/26.jpg)
We need a wrapperWe need a wrapper
Because a request cannot be modified once it is created – (read only)
![Page 27: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/27.jpg)
package filter;import javax.servlet.*;import javax.servlet.http.*;import java.io.*;import java.util.*;
// This class is reading and mofifying the parameter list
public class SensureWrapperConfig extends HttpServletRequestWrapper { private String find, replace; public SensureWrapperConfig(HttpServletRequest req) { super(spørsmål); } public SensureWrapperConfig(HttpServletRequest req, String find, String replace) { super(req); this.find = find; this.replace = replace; } public String getParameter(String param) { String value = super.getParameter(param); value = value.replaceAll(find,replace); return value; } }
![Page 28: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/28.jpg)
Example 3:Modify the response
Example 3:Modify the response
<body><head> <link rel="stylesheet" href="style.css" type="text/css"/> </head> <body>
![Page 29: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/29.jpg)
<web-app><filter>
<filter-name>postFilter</filter-name> <filter-class>filter.BodyFilter</filter-class> <init-param>
<param-name>find</param-name> <param-value><![CDATA[<body>]]></param-value>
</init-param><init-param>
<param-name>replace</param-name> <param-value><![CDATA[ <head> <link rel="stylesheet" href="style.css" type="text/css"/> </head>
<body>]]></param-value>
</init-param></filter>
<filter-mapping> <filter-name>postFilter</filter-name> <url-pattern>*.jsp</url-pattern>
</filter-mapping></web-app>
![Page 30: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/30.jpg)
The FilterThe Filter
![Page 31: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/31.jpg)
import filter.BodyWrapper;
public class BodyFilter implements Filter { private FilterConfig filterConfig; private String find, replace;
public void setFilterConfig(final FilterConfig filterConfig) { this.filterConfig = filterConfig; }
public void doFilter(final ServletRequest request, final ServletResponse response, FilterChain chain) throws IOException, ServletException { OutputStream out = response.getOutputStream(); KroppsWrapper res = new KroppsWrapper((HttpServletResponse)response); chain.doFilter(request, res); String body = new String(svar.getData()); body = body.replaceAll(find,replace); out.write(body.getBytes()); out.close(); } public void init(FilterConfig c) { this.filterConfig = c; find = filterConfig.getInitParameter("find"); replace = filterConfig.getInitParameter(”replace"); } public void destroy() { this.filterConfig = null; } }
![Page 32: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/32.jpg)
The WrapperThe Wrapper
![Page 33: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/33.jpg)
package filter;import javax.servlet.*;import java.io.*;
public class BodyStream extends ServletOutputStream { private DataOutputStream stream; public BodyStream(OutputStream output) { stream = new DataOutputStream(output); }
public void write(int b) throws IOException { stream.write(b); }
public void write(byte[] b) throws IOException { stream.write(b); }
public void write(byte[] b, int off, int len) throws IOException { stream.write(b, off, len); } }
package filter;
import javax.servlet.*;import javax.servlet.http.*;import java.io.*;import filter.BodyStream;
public class BodyWrapper extends HttpServletResponseWrapper { private ByteArrayOutputStream output; private int contentLength; private String contentType;
private FilterConfig filterConfig; private String find, replace; public KroppsWrapper(HttpServletResponse res) { super(res); output = new ByteArrayOutputStream(); }
public byte[] getData() { return output.toByteArray(); }
public ServletOutputStream getOutputStream() { return new KroppsStream(output); }
Part 1
![Page 34: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/34.jpg)
public void setContentLength(int length) { this.contentLength = length; super.setContentLength(length); }
public int getContentLength() { return contentLength; }
public void setContentType(String type) { this.contentType = type; super.setContentType(type); }
public String getContentType() { return contentType; }
public PrintWriter getWriter() { return new PrintWriter(getOutputStream(), true); } }
Part 2
![Page 35: Cooperation between applets and servlets. Applets Applets runs on the clientsside, the servlet on the server side Suitable for presentations and logic.](https://reader035.fdocuments.us/reader035/viewer/2022062715/56649d795503460f94a5c114/html5/thumbnails/35.jpg)
Have a nice weekend
Have a nice weekend