Web Frameworks
Application framework
An application framework is a structure that already pre-defines the repetitive and hides the mundane. It should make the underlying technology easier to use.
- Database access, acl, security,
- Data sanitisation, error handling, standards compliance, authentication, templating, localisation
- Control logic, assembling views
- Saves time and effort, has been already tested, may come with tooling
Frameworks encourage
- Separation of business logic from presentation/interface - designed into the interfaces
- Separation of roles - developer/presentation
- Creation of components and the framework typically encourages this to conform to a standard
- Separation of stable code from volatile (GUI typically less stable)
Object Decomposition: Splitting the application into objects and assigning these to tiers
However have less control
Web tier frameworks
- typically based around MVC
- separation of model (persistence/behaviour), view (display) and controller (business logic/flow)
Model 2 architecture
Separation of servlets (control) and JSP (display) Servlet also single point for logging and security (Model 1 - JSP page contains what page is next i.e. not servlet controller)
Struts/JSF Include a configurable controller servlet Abstract classes for request dispatches [Front Controller Pattern] is also a application of the [Mediator Pattern] as it decouples the views Selection of next page based on model and session state Identifying operation (see Blueprint web application framework)
- Use the servlet name and include a wildcard in the controller servelet mapping url
- Include in a hidden field
- Include in the URL as a parameter
Servlet mapping considered most flexible
Web Tier
- dynamic content
- controls flow
- maintains state
- MIME - many content types
- business logic for low traffic, simple transaction behaviour
Web state
- Spec does not require recovery after crash
- some containers do provide this feature
- or persist state in the EIS tier
- Container manages session tracking with url rewriting/cookies - the associated with state
Web state scope
- Application - servlet context
- Session - HttpSession (within the HttpServletRequest)
- Request - ServletRequest
JSPs
- Page - PageContext - active when forwarding/including
When using EJBs recommended to use a stateful EJB to store state
- Thread safety easier in EJB (?)
- Automatic management - pooling, passivating when resources are limited
- Client independent
When not using EJBs use the HttpSession to store state
JSP Servlet shared bean example
cookies
Avoid direct cookie manipulation unless direct need
- cookies can get corrupted
- cookies may be filtered/switched off
- size limitations - 4k
Servlets
- service oriented applications
- control functions - dispatching requests
- binary data
- program centric
- extend javax.servlet.http.HttpServlet
- can form filter chains
- lifecycle - listener interfaces
Distributed Servlets
- constraits on session migration
JSP
- text based mark up - html, svg, wml, xml
- document centric
- must be converted into a servlet
- authoring tools
- JSP typically not well formed XML
- JSP alternate XML syntax allows checking file before runtime
Custom Tags
- reusable (scripting is not)
- portable
- reduces repetition
- make intent clearer
Java Standard Tag Library JSTL
- resource inclusion
- forwarding
- conditional logic
- iterators
- XSLT transformations
- state access
- internationalisation i8t2n
- forms (html)
upper layer built on lower layer |------------ |JSTL | JSF | |-----|--| | |JSP | | |-----------| |Servlets | |-----------|
Web container
- Services
- request dispatching
- concurrency
- lifecycle
- API
- naming
- transaction
- session state
Web application deployment descriptor
- defines deployment configuration
RequestDispatcher
- include - combine multiple pages
- forward - send to another page to handle the response - response must be empty
Servlet
- security
- control logic
- e.g. routing
- templating
- personalisation
- filters
- composite - include multiple JSPs
- forward to jsp for display
- binary data
- varying data structure
Servlet - services Servlet filter - customisation/extension
binary output
response.setHeader("Content-type", "image/png");
OutputStream os = rsp.getOutputStream(); //or PrintWriter
- only one servlet instance per definition
- SingleThreadModel servlets - pooled - discouraged
Distributable
- state may be distributed/failed over - only session state
- Server affinity - load balancing more difficult
- State migration - increases network traffic
- State must be in the session
- Don't use instance or static variables in servlet
- Don't rely on the server specific ServletContext - can be used for caching
- context events are not distributed
JSP
- for outputting text
- best for dynamic data but static structure
- HTML, XML, ASCII, postscript
- javax.servlet.jsp.JSPWriter used for output
- ensures proper encoding
- prevents binary content
- Use custom tags/servlet or helper calss for complex tasks
- avoid large use of control tags in JSP - hard to maintain
- should never forward or acting as a controller
<%@ include file="static.jsp" @%> - for static content <jsp:include page="DynamicServlet"/> - for dynamic (or static) content
include directive
- static - can cause servlet to be large
jsp include
- dynamic - runtime overhead
- encoding can only be set once
Custom tag/Scriptlets
Use custom tag instead of include scripts (scriptlets)
- custom tags can be unit tested
- custom tags help keep separation of logic from presentation
- scripts are help separate role of html editor from programmer
- script errors can be harder to debug than custom tags
Deliver plan for payment system
Review use cases and supplier payment documents. Highlight issues, write high level scoping document