I am new to java web development.
Currently I'm learning technologies such as Servlets, Jsp, and Java Frameworks like Spring etc.
I was wondering that as an end user say for a java web-site without applets, would the user of the website be required to install java in his/her machine?
Because it seems that in the case of Servlet and Jsp all execution is done at the servers end and only the result is sent back to the user in html format.
Please correct me if I'm wrong.
As you suspect, Java is only run on the servers. It is the language that accepts an HTTP Request and processes it, issuing out an HTTP Response. As with most good coding practices, this means that the server program is returning a response that is, essentially, text. The implication here is that you can write the server in any sort of programming language, or set of languages, without the browser needing to know what or why.
Thus, the browser is agnostic to the languages you use on the server.
Java Applets are different; they are compiled Java code that is downloaded by the client and run inside a local JVM. For this to work, the client requires Java to be installed. Applets can be quite small - invisible even - and thus malicious sites can use them on unsuspecting browsers to do wonky things. For this reason people are concerned about Java security holes that would allow applets to do more than they should.
You are correct. The java is executing on the server. The user would only have to install java if the application served applets, which as you say, is not the case here.
No need to install java at end user(client).
Because HTML renderkit return html format.
But if his or her need to developed , java is need.
hi you need to install jdk if you want to develope any java project,the jdk itself contains jre( java runtime environment),,
you can prefer below link
http://www.journaldev.com/546/difference-between-jdk-jre-and-jvm-in-java
You do not need your client systems to have Java installed.
The news about disabling java in web browser was due to some security vulerabilities in the current release (which Oracle said they will fix in October release). But you do not have to worry about it since you do not have applets in your web site. The clients would need java jre installation if you have such plugins as applets
Http is a stateless and text based protocol. That means Http protocol is not able to remember its previous state and this can not hold any state of execution.Its a text based protocol so medium of exchange of information or data over this protocol is text.
Main issue with this protocol is that it can handle only one request at a time and send response to user in same manner. But in current time user requirements have changed dramatically. So Http can not handle so much requests at a time as well as cant managed to send multiple response. So Here Java EE and web servers comes into effects
Web-servers provide an environments where a web-applications(servlet,jsp,Java EE) can run,executes and send responses to the client. Web- servers perform task such as:
1: Handle a Http-requests and in the same way send the responses to that requests.
2: Since, Http protocol only understand text so , Web-server parse the request as a text,then process it and then transform that response again into a text and send it to the client server.
3: Provide an environment where web-applications ,request-response and other services can run flawlessly,dynamically and with strong security undergo.
4: And last but not the least, these web-servers are designed and developed in pure java and run it thread-model so you trust your application is in safe hand.
And applets runs in different way, client side at least need JRE to provide an environment to executes an applets. Applets are differs from web-technology.
Related
I have developed an android application and i need to set a server for sending and receiving data from clients. The server must also be able to run python script for data mining.I want to code the server in java(for analysing the data obtained from mining and handling the client requests).
what will be the way to set the server for my purpose. I have read that servers can be set up in eclipse or installing apache in linux in a virtual machine. will anyone of them fit my need or is there any other better alternative.
Well, it depends on your needs. If you want to run Python scripts from Java, I don't really see why you would code your server-side logic in Java and then use Python data-mining scripts (you might have some problems with execution of Python scripts through Java and server setup). I know that Python is much better in data-mining, so stick with it. Consider Python for server-side logic. In case you want to run data-mining script manually that doesn't really mater, so you can separate the languages.
In case you want to separate it into two languages, then you must install an application server for Java. There are plenty of options for that, even open-sourced (Wildfly, Glassfish, ...):
https://blog.idrsolutions.com/2015/04/top-10-open-source-java-and-javaee-application-servers/
You can set most of them in Eclipse for development, for production releases they can be installed either on Unix or Windows. The Apache option you mentioned is probably Apache Tomcat application server. You can read more about Java application server set-up in Eclipse:
http://www.eclipse.org/webtools/community/education/web/t320/Configuring_an_Application_Server_in_Eclipse.pdf
Depending upon the requirement, you can setup the server in many ways in any operating system like linux (fedora, ubuntu), windows, mac osx etc. There are many java web frameworks to follow to make your own server and provide API for mobile.
These are some java web frameworks:
playframework
Spring MVC
Grails
You can setup above and other frameworks and can setup in any enviorment. For initial, you can setup in your local system, then later you can upload into your remote server.
For setup, please see the respective framework's documentation.
It would be wise to choose json for communication between mobile and server. You can consume the API in android using default HttpURLConnection or you can follow other opensource http connection library like retrofit, asynchttp etc.
I am relatively new to web development, but I have some C++/Java experience. I have got the following conversion to do:
Current:
Desktop Application (Automation Software) developed in C# that communicates with remote PLC (Controller that overlooks different sensors in realtime) using TCP Sockets over the Web.
My Idea:
Convert the application into a server side software that will still communicate with the PLC over TCP/Socket. And use a browser to operate it, so the remote site can be monitored and controlled from any computer in our Intranet (possibly Tablets in the future).
Motive for doing it:
We had a computer fault which left the operators without control.
The new app:
I am planning on writing the server app using Java and OOP (so far no problem). And use HTML/CSS/Javascript for the WebApp and AJAX to update the page.
But I am still lost at how can I transport all this data between them in a proper and decent manner. I have read about SOAP and JSON in this Post. Although, I am not sure if I need to use them at all, is it a good solution to use either JSON or SOAP? Or is there any other solution that you may recommend?
Cheers,
Leo
If you consider skipping the development work to convert your app into a server-side software and just go for a third party solution, I suggest you take a look to Thinfinity VirtualUI.
"...offers a GUI remoting solution for in-house Windows desktop
developments, allowing them to be delivered as Windows/HTML5 dual-platform applications
simply by adding one line of code.
These Windows applications can keep their standard desktop environment behavior and,
alternatively, be accessed remotely from any modern web browser in a multi-user,
multi-instance fashion when hosted on a Thinfinity VirtualUI Server environment."
https://www.cybelesoft.com/docs/thinfinity_virtualui_whitepaper.pdf
SOAP is for defining public APIs that are published on the internet for other people to use, which does not seem like your use case. It is not particularly awesome to have to deal with it from inside a browser either, although there are javascript SOAP-client libraries. There is also going to be a fair bit more overhead on the server side parsing and validating XML than de/serializing between JSON and POJOs.
JSON is much easier to deal with in a browser, being natively understood and all that. Everything you need is built into the core of jQuery, no dependence on plugins that may have unknown levels of future support.
I have created a java app and I would like to be able to execute actions in this app by calling some custom urls (ex: myapp://do_this)
I have already searched for this, and I have found some information about handling such urls in java (URLStreamHandler).
The only part I'm missing, is how to tell the OS to redirect the "myapp://" protocol to my application.
More and more apps are defining their own protocol and I was wondering whether it was possible to create such kind of things in Java.
Thanks
The protocol in URLStreamHandler will be used inside of the jvm. Typical usage is something like res://... for resources. The OS and the browsers have their own sets of protocols (ftp, mailto).
You could probably extend Firefox with a plugin to handle your protocol.
But then you have to send that to your app, running as a small "web" server.
Forget for a moment URLStreamHandler.
Embed the Jetty web server in your app, say on port 8765, and write a servlet to handle your URLs. Then you can in your browser type "http://localhost:8765/do_this". Should suffice.
To add a new protocol, one needs to implement an XPCOM component. Since XPCOM allows programming languages to talk to eachother, XPCOM components can be implemented in C++ or JavaScript currently in Mozilla.
http://www.nexgenmedia.net/docs/protocol/ will help you to understand more.
i think this is what you want.
As others have said, getting browsers to understand a new protocol name is browser (and OS) specific - you can't do it from the server.
However, would Java Web Start ( http://download.oracle.com/javase/tutorial/deployment/webstart/ ) fit your requirements? Most browsers are already set up to handle JWS applications correctly.
I need implement a server that is publicly accessible from the internet. The server has a very simple mission:
Accept form POSTs from users over HTTPS (the actual HTML form is on a different site)
Rewrite the form post as JSON
Send it to an internal server over separate HTTPS connection, with multi server fail-over
Wait for a reply in JSON, containing either success or a error reason
Return a '303' redirection from either to a success URI or a failure URI, putting the error reason as a query parameter
The load this server is normally subjected to is minimal, but since there are no access restrictions, the server can obviously be attacked by DOS etc.
However, the real issue here is that security is absolutely paramount for the server - the server is involved in payment transactions with a large enough volume to make it a desirable target for cracking. The server is behind an IPS, but is otherwise directly connected to the internet and will terminate the HTTPS connections from end-user browsers directly without any intervening reverse proxies or SSL accelerators or such.
So, my question is, which Java web server would be the safest choice for such a purpose?
Or, alternatively, if you really think such requests should not directly be received by Java, but by lighttpd or something else, you may propose something else. But only if it can fulfill the requirements given above.
A really nice answer would touch on these issues:
Relevant security of OpenSSL vs. Java crypto vs. alternatives (all have had vulnerabilities)
Relevant security of Java VM features (such as recent XML parsing vulnerability)
Relevant security of web server's HTTP header parsing (almost all seem to have had vulnerabilities there)
Relevant security of optional compression (zlib has had vulnerabilities and mod_deflate has had separate vulnerabilities on top of that)
I'd argue that your main concern should be following best security practices and keeping your software up to date than specifically which software you choose. It's just about impossible to predict future vulnerabilities. And software with a lot of past vulnerabilities doesn't necessarily mean it was less secure, likely it was targeted more often and thus fixed more often. In that regard you want software that is regularly updated and you have an easy way to routinely get those updates.
I'd suggest Tomcat and follow the steps from Improving Apache Tomcat Security. Tomcat has the benefit of being common and open source, so it gets a lot of attention and quick fixes. Many attacks are against things you don't even need, so disable everything you can. Configure your web.xml to only accept URL paths you expect and give an error for everything else.
It doesn't sound like you need Apache HTTPD in front of the web container. It's probably best then to reduce the number of attack vectors and have web requests go directly to the web container. It's not possible to know which of HTTPD or Java are going to have more vulnerabilities discovered for SSL and gzip. Yet if you use only Java then you're at least not open to the rest of what might be found for HTTPD, versus a limited set of native implementation concerns for Java.
Make sure Java and your web container are kept up to date. Network and OS hardening should be researched too, if they haven't been. You might also want to look into daily scanning for web vulnerabilities to stay on top of new threats.
If you need something simple and single-purpose, I would give a try to Grizzly - less code, less bugs. It has some SSLConfig class to setup HTTPS, altough I have not used it.
Most servers are capable of that. Tomcat is an obvious choice. Tomcat behind Apache is also common. If using JavaEE - any application server would work.
Are there any what in the Java community would be called "application servers" for .NET? Similar to Tomcat, Resin, and Jetty. I'm not interested in a JSP equivalent, I'm looking for a servlet-based technology for XML/HTTP transaction processing (no UI).
If there is not a product like this, what would a good stack be to emulate this?
Microsoft appears to have dodged this by saying that Window Server + .NET + IIS + your code = app server, but it seems there is a lot of plumbing code that has to be written in order to get to an equivalent place as say Tomcat.
WCF or web services (ASMX) both seem like good candidates for what you want. WCF is probably more appropriate if you don't want to go the full SOAP route. You can host WCF in IIS, a console app, or a windows service. Depending on what you need it can use SOAP, simple XML, or even Json for encodings. As for transports you can use HTTP, IP, or Message Queues.
Dublin will be what you’re looking for, I guess.
I think you are looking for Http Handlers. You can handle the request at a low level without an aspx page. MSDN Reference
Since Microsoft enteprise applications are not targeted to run on any platform like Java, there is less of a need for a .NET equivalent to the Java app server like WebLogic or WebSphere. Many of the technologies provided by the Java app server are provided by either the Windows operating system or the .NET core library. You can draw direct comparisons between individual technologies such as JMS vs. MSMQ, but less so in the overall architecture.
I'm not interested in a JSP equivalent, I'm looking for a servlet-based technology for XML/HTTP transaction processing (no UI).
Sounds like what I do all the time. I use WCF for communication and host the program as a Windows Service. Windows Services have lots of nice things like remote monitoring and the ability to automatically restart in the unlikely event it crashes.