Download
1 / 41
420 likes | 665 Vues
蔡 剑 , Ph.D. Java Web应用开发:J2EE和Tomcat. 本讲内容. Web 层技术 ( IV) JSTL Web Security Web Application Architecture. RDMS. JDBC. Web Container. JSPs. ( X)HTML XML. Servlets. HTTP. JSTL. JavaMail. Mail Server. J2EE Application Server. JAX RPC. Mgmt. Java Application. RMI. JAXR.
E N D
蔡 剑, Ph.D. Java Web应用开发:J2EE和Tomcat
本讲内容 • Web层技术 (IV) • JSTL • Web Security • Web Application Architecture
RDMS JDBC Web Container JSPs (X)HTML XML Servlets HTTP JSTL JavaMail Mail Server J2EE Application Server JAX RPC Mgmt Java Application RMI JAXR JACC JNDI JDBC JMS JAF JTA Applet SAAJ JMX CORBA Server IIOP EJB Container Application Client Container Message Beans Session Beans Entity Beans Client Application Directory Service JNDI JAX RPC Mgmt JMS JAX RPC Mgmt Message Queue JAXR JACC JNDI JDBC JMS JAF JTA JAXR JMS SAAJ JMX SAAJ JMX Review: J2EE Framework
Web Server Custom Tag XML JSP XML SAX/DOM XML JavaBeans Review: JSP using XML
JSTL Types <%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %> 核心标签 <%@ taglib uri="http://java.sun.com/jstl/xml" prefix="x" %> XML 标签 <%@ taglib uri="http://java.sun.com/jstl/fmt" prefix="fmt" %> 国际化标签 <%@ taglib uri="http://java.sun.com/jstl/sql" prefix="sql" %> 数据库标签
Core JSTL: Flow Control <c:choose> <c:when test="${task.startDate.year <='1995'}"> You are far from the Y2K problem! </c:when> <c:when test="${task.startDate.year <='1998'}"> You were facing the Y2K problem! </c:when> <c:when test="${task.startDate.year >= '2000'}" > You have overcome the Y2K problem! </c:when> <c:otherwise> You are in the Y2K year! </c:otherwise> </c:choose>
Core JSTL: Iteration <TABLE BORDER=1 ALIGN=CENTER > <TR BGCOLOR='#99cee6'> <TH> Name</TH> <TH>Value </TH> </TR> <c:forEach var="head" items="${headerValues}"> <TR><TD> <c:out value="${head.key}"/></TD> <TD> <c:forEach var="val" items="${head.value}"> <c:out value="${val}"/> </c:forEach> </TD> </c:forEach> </TABLE>
XML Tag <x:parse xml="${taskXML}" var="taskresult"/> …… <CENTER> <H3>The Task List Using JSTL XML Tags: </H3> …… <x:forEach select="$taskresult/tasklist/task" var="sigletask"> <tr> <td> <x:out select="taskid"/> </td> <td> <x:out select="name"/> </td> <td> <x:out select="start"/> </td> <td> <x:out select="end"/> </td> </tr> </x:forEach> …… P245
SQL Tag:DataSource and Query <sql:setDataSource var="workflow" driver="RmiJdbc.RJDriver" url="jdbc:rmi://localhost:1099/jdbc:cloudscape:CloudscapeDB;create=true"> <c:set var="nametofind" value="${param.taskname}"/> <sql:query var="tasks" > select * from PUBLIC.tasks where name = ? <sql:param value="${nametofind}" /> </sql:query>
SQL Tag: Transaction and Update <sql:transaction> …… <sql:update var="tasks" sql="update PUBLIC.tasks set days= days + ? where id = ?" > <sql:param value="${time.duration}" /> <sql:param value="${taskid}" /> </sql:update> …… </sql:transaction> <c:forEach var="task" begin="0" items="${tasklist.rows}"> <p><c:out value="${task.taskname}"/></p> <p><c:out value="${task.start}"/></p> <p><c:out value="${task.end}"/></p> </c:forEach>
I18N Tag <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %> <%@ taglib prefix="fmt" uri="http://java.sun.com/jstl/fmt" %> <jsp:useBean id="now" class="java.util.Date" /> <fmt:timeZone value="GMT"> <fmt:formatDate value="${now}" type="both" dateStyle="full" timeStyle="full" var="gmtdate"/> <fmt:parseDate value="${formatted}" type="both" dateStyle="full" timeStyle="full" timeZone="PST" var="pstdate"/> </fmt:timeZone> <c:out value="${gmtdate}"/><BR></BR> <c:out value="${pstdate}"/> Wednesday, November 20, 2002 7:37:49 AM GMT Tue Nov 19 23:37:49 PST 2002
Web Application Security • 验证 (Authentication), 个体必须由验证机制确定它的身分。 • 授权(Authorization). 当一位被验证通过的本体设法访问程序资源, 系统要根据安全政策确定是否该本体有权限进行这样的操作 • 声明性(Declarative)安全机制, 规定了网络程序和网络服务器之间的安全配置协议. 网络服务器根据web.xml中定义的安全要求实现对网络资源的保护. • 程序性(Programetic)安全机制较声明性安全机制更直接. 网络程序自身通过Java程序实现其安全保护.
Role, Group, and User <?xml version='1.0'?> <tomcat-users> <role rolename="admin"/> <role rolename="manager"/> <role rolename="engineer"/> <user username="user1" password="password1" roles="admin,manager,engineer"/> <user username="user2" password="password2" roles="engineer"/> </tomcat-users>
Set Naming Resources <GlobalNamingResources> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved"></Resource> <ResourceParams name="UserDatabase"> <parameter> <name>factory</name> <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value> </parameter> <parameter> <name>pathname</name> <value>conf/tomcat-users.xml</value> </parameter> </ResourceParams> </GlobalNamingResources>
Using Database as Realm <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.gjt.mm.mysql.Driver" connectionURL="jdbc:mysql://localhost/authority" connectionName="test" connectionPassword="test" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />
Authentication Approaches • 网络容器实现用户验证: • HTTP 基本验证 (Basic authentication) • 基于表单验证 (Form-based authentication) • 客户凭证验证 (Client-certificate authentication) • 摘要验证 (Digest authentication) • 网络程序本身实现验证方式: • 网络程序表单验证 • 程序性安全机制
Basic Authentication <security-constraint>…… <web-resource-collection> <web-resource-name>BasicLogin</web-resource-name> <description>Map to Basic Login Page</description> <url-pattern>/control/signin_ba</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <description>no description</description> <role-name>manager</role-name> </auth-constraint> <user-data-constraint> <description>no description</description> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint>
Defined in Web.xml <login-config> <auth-method>BASIC</auth-method> <realm-name>default</realm-name> </login-config>
Form-based Login <login-config> <auth-method>FORM</auth-method> <realm-name>default</realm-name> <form-login-config> <form-login-page>/jsp/signin_cfb.jsp</form-login-page> <form-error-page>/control/error</form-error-page> </form-login-config> </login-config>
Login Form <center> <font size=2>Container Form-Based Login</font> <form method="POST" action='<%= response.encodeURL("j_security_check") %>' > <table border="0" cellspacing="5"> <tr> <th align="right">Username:</th> <td align="left"><input type="text" name="j_username" value="tomcat"></td> </tr> <tr> <th align="right">Password:</th> <td align="left"><input type="password" name="j_password" value="sqe"></td> </tr>…… </table> </center> </form>
Config SSL Connection <!-- <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="10" connectionTimeout="60000" debug="0" scheme="https" secure="true"> <Factory className="org.apache.coyote.tomcat4. CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" /> </Connector> -->
Model • Encapsulates application state • Responds to state queries • Exposes application functionality • Notifies views of changes State Change State Query Change Notice • View • Renders the models • Request updates from models • Sends user gestures to Controller • Allows controller to select View • Controller • Define application behavior • Maps user actions to model updates • Select view for response • One for each functionality View Selection User gestures Web Application Architecture: MVC Model
View Control Model Project JSPs Project UseBean Project Handler Project Model/DAO RoleCheck Filter User JSPs User UseBean User Handler User Model/DAO Database I18N Filter Task JSPs Task UseBean Task Handler Task Model/DAO Assign JSPs Assignment UseBean Assignment Handler Assignment Model/DAO request Main Servlet Request Processor Signin Handler dispatch Session response Template JSP Page Flow Manager Logout Handler Action Listener Screen definition XML Request mapping XML Other JSPs Mail Sender Web Server Components
Struts Framework • 一个Web应用的控制器 (是Struts的中心控制Servlet) • 一组用来实现“模型”的Java Bean和帮助类 • 一组用来在JSP实现界面的标签库 • Struts用一个配置文件将这三方面的构件组合起来,这些构件具备Web应用的基本骨架。
struts-config.xml 模型 Action 浏览器 控制器: ActionServlet ActionForm 视图: Jsp文件 应用资源属性 (properties 文件) 标签库 Struts Components
JPetstore Architecture http://www.ibatis.com/jpetstore/jpetstore.html
