基于JSP的在線書(shū)店銷(xiāo)售系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)外文文獻(xiàn)及翻譯

1、畢業(yè)設(shè)計(jì)(論文)外文文獻(xiàn)翻譯專(zhuān)業(yè)學(xué)生姓名班級(jí)學(xué)號(hào)指導(dǎo)教師外文資料名稱(chēng)： An Overview of Servlet and JSP Technology 外文資料出處： Internet 附 件： 1.外文資料翻譯譯文 2.外文原文 指導(dǎo)教師評(píng)語(yǔ)： 簽名： 年 月 日Servlet和JSP技術(shù)簡(jiǎn)述Nagle and WiegleyXX譯摘要：Servlet程序在服務(wù)器端運(yùn)行，動(dòng)態(tài)地生成Web頁(yè)面與傳統(tǒng)的CGI和許多其他類(lèi)似CGI的技術(shù)相比，Java Servlet具有更高的效率，更容易使用，功能更強(qiáng)大，具有更好的可移植性，更節(jié)省投資。關(guān)鍵字：JSP技術(shù)，Servlet，HTTP服務(wù)1.1Se

2、rvlet的功能Servlets是運(yùn)行在Web或應(yīng)用服務(wù)器上的Java程序，它是一個(gè)中間層，負(fù)責(zé)連接來(lái)自Web瀏覽器或其他HTTP客戶程序的請(qǐng)求和HTTP服務(wù)器上的數(shù)據(jù)庫(kù)或應(yīng)用程序。Servlet的工作是執(zhí)行西門(mén)的任務(wù)，如圖1.1所示 。圖1.1Web中間件的作用（1） 讀取客戶發(fā)送的顯式數(shù)據(jù)。最終用戶一般在頁(yè)面的HTML表單中輸入這些數(shù)據(jù)。然而，數(shù)據(jù)還有可能來(lái)自applet或定制的HTTP客戶程序。（2） 讀取由瀏覽器發(fā)送的隱式請(qǐng)求數(shù)據(jù)。圖1.1中顯示了一條從客戶端到Web服務(wù)器的單箭頭，但實(shí)際上從客戶端傳送到Web服務(wù)器的數(shù)據(jù)有兩種，它們分別為用戶在表單中輸入的顯式數(shù)據(jù)，以及后臺(tái)的HTTP

3、信息。兩種數(shù)據(jù)都很重要。HTTP信息包括cookie、瀏覽器所能識(shí)別的媒體類(lèi)型和壓縮模式等。（3） 生成結(jié)果。這個(gè)過(guò)程可能需要訪問(wèn)數(shù)據(jù)庫(kù)、執(zhí)行RMI或EJB調(diào)用、調(diào)用Web服務(wù)，或者直接計(jì)算得出對(duì)應(yīng)的響應(yīng)。實(shí)際的數(shù)據(jù)可能存儲(chǔ)在關(guān)系型數(shù)據(jù)庫(kù)中。該數(shù)據(jù)庫(kù)可能不理解HTTP，或者不能返回HTML形式的結(jié)果，所有Web瀏覽器不能直接與數(shù)據(jù)庫(kù)進(jìn)行會(huì)話。即使它能夠做到這一點(diǎn)，為了安全上的考慮，我們也不希望讓它這么做。對(duì)應(yīng)大多數(shù)其他應(yīng)用程序，也存在類(lèi)似的問(wèn)題。因此，我們需要Web中間層從HTTP流中提取輸入數(shù)據(jù)，與應(yīng)用程序會(huì)話，并將結(jié)果嵌入到文檔中。（4） 向客戶發(fā)送顯式數(shù)據(jù)（即文檔）。這個(gè)文檔可以用各種格

4、式發(fā)送，包括文本（HTML或XML），二進(jìn)制（GIF圖），甚至可以式建立在其他底層格式之上的壓縮格式，如gzip。但是，到目前為止，HTML式最常用的格式，故而servelt和JSP的重要任務(wù)之一就式將結(jié)果包裝到HTML中。（5） 發(fā)送隱式的HTTP響應(yīng)數(shù)據(jù)。圖1.1中顯示了一條從Web中間層到客戶端的單箭頭。但是，實(shí)際發(fā)送的數(shù)據(jù)有兩種：文檔本身，以及后臺(tái)的HTTP信息。同樣，兩種數(shù)據(jù)對(duì)開(kāi)發(fā)來(lái)說(shuō)都式至關(guān)重要的。HTTP響應(yīng)數(shù)據(jù)的發(fā)送過(guò)程涉及告知瀏覽器或其他客戶程序所返回文檔的類(lèi)型（如HTML），設(shè)置cookie和緩存參數(shù)，以及其他類(lèi)似的任務(wù)。1.2動(dòng)態(tài)構(gòu)建網(wǎng)頁(yè)的原因預(yù)先建立的文檔可以滿足客戶的

5、許多請(qǐng)求，服務(wù)器無(wú)需調(diào)用servlet就可以處理這些請(qǐng)求。然而，許多情況下靜態(tài)的結(jié)果不能滿足要求，我們需要針對(duì)每個(gè)請(qǐng)求生成一個(gè)頁(yè)面。實(shí)時(shí)構(gòu)建頁(yè)面的理由有很多種：1、網(wǎng)頁(yè)基于客戶發(fā)送的數(shù)據(jù)。例如，搜索引擎生成的頁(yè)面，以及在線商店的訂單確認(rèn)頁(yè)面，都要針對(duì)特定的用戶請(qǐng)求而產(chǎn)生。在沒(méi)有讀取到用戶提交的數(shù)據(jù)之前，我們不知道應(yīng)該顯示什么。要記住，用戶提交兩種類(lèi)型的數(shù)據(jù)：顯示（即HTML表單的數(shù)據(jù)）和隱式（即HTTP請(qǐng)求的報(bào)頭）。兩種輸入都可用來(lái)構(gòu)建輸出頁(yè)面。基于cookie值針對(duì)具體用戶構(gòu)建頁(yè)面的情況尤其普遍。2、頁(yè)面由頻繁改變的數(shù)據(jù)導(dǎo)出。如果頁(yè)面需要根據(jù)每個(gè)具體的請(qǐng)求做出相應(yīng)的改變，當(dāng)然需要在請(qǐng)求發(fā)生時(shí)

6、構(gòu)建響應(yīng)。但是，如果頁(yè)面周期性地改變，我們可以用兩種方式來(lái)處理它：周期性地在服務(wù)器上構(gòu)建新的頁(yè)面（和客戶請(qǐng)求無(wú)關(guān)），或者僅僅在用戶請(qǐng)求該頁(yè)面時(shí)再構(gòu)建。具體應(yīng)該采用哪種方式要根據(jù)具體情況而定，但后一種方式常常更為方便，因?yàn)樗恍韬?jiǎn)單地等待用戶的請(qǐng)求。例如，天氣預(yù)報(bào)或新聞網(wǎng)站可能會(huì)動(dòng)態(tài)地構(gòu)建頁(yè)面，也有可能會(huì)返回之前構(gòu)建的頁(yè)面（如果它還是最新的話）。3、頁(yè)面中使用了來(lái)自公司數(shù)據(jù)庫(kù)或其他數(shù)據(jù)庫(kù)斷數(shù)據(jù)源的信息。如果數(shù)據(jù)存儲(chǔ)在數(shù)據(jù)庫(kù)中，那么，即使客戶端使用動(dòng)態(tài)Web內(nèi)容，比如applet，我們依舊需要執(zhí)行服務(wù)器端處理。想象以下，如果一個(gè)搜索引擎網(wǎng)站完全使用applet，那么用戶將會(huì)看到：“正在下載50TB

7、的applet，請(qǐng)等待！”。顯然，這樣很愚蠢；這種情況下，我們需要與數(shù)據(jù)庫(kù)進(jìn)行會(huì)話。從客戶端到Web層再到數(shù)據(jù)庫(kù)（三層結(jié)構(gòu)），要比從applet直接到數(shù)據(jù)庫(kù)（二層結(jié)構(gòu)）更靈活，也更安全，而性能上的損失很少甚至沒(méi)有。畢竟數(shù)據(jù)庫(kù)調(diào)用通常是對(duì)速度影響最大的步驟，因而，經(jīng)過(guò)中間層可以執(zhí)行高速緩存和連接共享。理論上講，servelt并非只用于處理HTTP請(qǐng)求的Web服務(wù)器或應(yīng)用服務(wù)器，它同樣可以用于其他類(lèi)型的服務(wù)器。例如，servlet能夠嵌入到FTP或郵件服務(wù)器中，擴(kuò)展他們的功能。而且，用于會(huì)話啟動(dòng)協(xié)議服務(wù)器的servlet API最近已經(jīng)被標(biāo)準(zhǔn)化（參見(jiàn)/en/jsr/det

8、ail?id=116）。但在實(shí)踐中，servelt的這種用法尚不流行，在此，我們只論述HTTP Servlet。1.3 Servlet相對(duì)于“傳統(tǒng)”CGI的優(yōu)點(diǎn)和傳統(tǒng)CGI及許多類(lèi)CGI技術(shù)相比，Java servelt效率更高、更易用、更強(qiáng)大、更容易移植、更安全、也更廉價(jià)。1、效率應(yīng)用傳統(tǒng)的CGI，針對(duì)每個(gè)HTTP請(qǐng)求都用啟動(dòng)一個(gè)新的進(jìn)程。如果CGI程序自身相對(duì)比較簡(jiǎn)短，那么啟動(dòng)進(jìn)程的開(kāi)銷(xiāo)會(huì)占用大部分執(zhí)行時(shí)間。而使用servelt，Java虛擬機(jī)會(huì)一直運(yùn)行，并用輕量級(jí)的Java線程處理每個(gè)請(qǐng)求，而非重量級(jí)的操作系統(tǒng)進(jìn)程。類(lèi)似地，應(yīng)用傳統(tǒng)的CGI技術(shù)，如果存在對(duì)同一CGI程序的N個(gè)請(qǐng)求，那么C

9、GI程序的代碼會(huì)載入內(nèi)存N次。同樣的情況，如果使用servlet則啟動(dòng)N個(gè)線程，單僅僅載入servlet類(lèi)的單一副本。這種方式減少了服務(wù)器的內(nèi)存需求，通過(guò)實(shí)例化更少的對(duì)象從而節(jié)省了時(shí)間。最后，當(dāng)CGI程序結(jié)束對(duì)請(qǐng)求的處理之后，程序結(jié)束。這種方式難以緩存計(jì)算結(jié)果，保持?jǐn)?shù)據(jù)庫(kù)連接打開(kāi)，或是執(zhí)行依靠持續(xù)性數(shù)據(jù)的其他優(yōu)化。然而，servelt會(huì)一直停留在內(nèi)存中（即使請(qǐng)求處理完畢），因而可以直接存儲(chǔ)客戶請(qǐng)求之間的任意復(fù)雜數(shù)據(jù)。2、便利Servelt提供大量的基礎(chǔ)構(gòu)造，可以自動(dòng)分析和解碼HTML的表單數(shù)據(jù)，讀取和設(shè)置HTTP報(bào)頭，處理cookie，跟蹤會(huì)話，以及其他次類(lèi)高級(jí)功能。而在CGI中，大部分工作都

10、需要我們資金完成。另外，如果您已經(jīng)了解了Java編程語(yǔ)言，為什么還有學(xué)校Perl呢？您已經(jīng)承認(rèn)應(yīng)用Java技術(shù)編寫(xiě)的代碼要比Visual Basic，VBScript或C編寫(xiě)的代碼更可靠，且更易重用，為什么還有倒退回去選擇那些語(yǔ)言來(lái)開(kāi)發(fā)服務(wù)器端的程序呢？3、強(qiáng)大Servlet支持常規(guī)CGI難以實(shí)現(xiàn)或根本不能實(shí)現(xiàn)的幾項(xiàng)功能。Servlet能夠直接于Web服務(wù)器對(duì)話，而常規(guī)的CGI程序做不到這一點(diǎn)，至少在不使用服務(wù)器專(zhuān)有API的情況下是這樣。例如，與Web服務(wù)器的通信使得講相對(duì)URL轉(zhuǎn)換成具體的路徑名變得更為容易。多個(gè)servelt還可以共享數(shù)據(jù)，從而易于實(shí)現(xiàn)數(shù)據(jù)庫(kù)連接共享和類(lèi)似的資源共享優(yōu)化。S

11、ervelt還能維護(hù)請(qǐng)求之間的信息，使得諸如會(huì)話跟蹤和計(jì)算結(jié)果緩存等技術(shù)變得更為簡(jiǎn)單。4、可移植性Servelt使用Java編程語(yǔ)言，并且遵循標(biāo)準(zhǔn)的API。所有主要的Web服務(wù)器。實(shí)際上都直接或通過(guò)插件支持servlet。因此。為Macromedia JRun編寫(xiě)的servlet，可以不經(jīng)過(guò)任何修改地在Apache Tomcat，Microsoft Internet Information Server，IBM WebSphere 。iPlanet Enterprise Server。Oracle9i AS 或者StrNine WebStar上運(yùn)行。他們是java2平臺(tái)企業(yè)版的一部分，所以對(duì)s

12、ervlet的支持越來(lái)越普遍。5、廉價(jià)對(duì)于開(kāi)發(fā)用的網(wǎng)站、低容量或中等容量網(wǎng)站的部署，有大量免費(fèi)或極為廉價(jià)的Web服務(wù)器可供選擇。因此，通過(guò)使用servelt和jsp，我們可以從免費(fèi)或廉價(jià)的服務(wù)器開(kāi)始，在項(xiàng)目獲得初步成功后，在移植到更高性能或高級(jí)管理工具的昂貴的服務(wù)器上。這與其他CGI方案形成鮮明的對(duì)比，這些CGI方案在初期都需要為購(gòu)買(mǎi)專(zhuān)利軟件包投入大量的資金。價(jià)格和可移植性在某種程度上是相互關(guān)聯(lián)的。例如，Marty記錄了所有通過(guò)電子郵件向他發(fā)送問(wèn)題的讀者的所在國(guó)。印度接近列表的頂端，可能僅次于美國(guó)。Marty曾在馬尼拉講授過(guò)jsp和servlet培訓(xùn)課程，那兒對(duì)servelt和jsp技術(shù)抱很大

13、的興趣。那么，為什么印度和菲律賓都對(duì)這項(xiàng)技術(shù)著呢感興趣呢？我們推測(cè)答案可能分兩部分。首先，這兩個(gè)國(guó)家都擁有大量訓(xùn)練有素的軟件開(kāi)發(fā)人員。其次，這兩個(gè)國(guó)家的貨幣對(duì)美元的匯率都極為不利。因此，從美國(guó)公司那里購(gòu)買(mǎi)專(zhuān)用Web服務(wù)器會(huì)消耗掉項(xiàng)目的大部分前期資金。但是，使用servlet 和JSP，他們能夠從免費(fèi)的服務(wù)器開(kāi)始：Apache Tomcat。項(xiàng)目取得成功之后，他們可以轉(zhuǎn)移到性能更高、管理更容易，但需要付費(fèi)的服務(wù)器。他們的servelt和jsp不需要重寫(xiě)編寫(xiě)。如果他們的項(xiàng)目變得更龐大，他們或許希望轉(zhuǎn)移到分布式環(huán)境。沒(méi)有問(wèn)題：他們可以轉(zhuǎn)而使用Macromedia JRun Professional，

14、該服務(wù)器支持分布式應(yīng)用。同樣，他們的servelt和jsp沒(méi)有任何部分需要重寫(xiě)。如果項(xiàng)目變得極為龐大，錯(cuò)綜復(fù)雜，他們或許希望使用Enterprise JavaBeans來(lái)封裝他們的商業(yè)邏輯。因此，他們可以切換到BEA WebLogic或Oracle9i AS。同樣，不需要對(duì)servlet和jsp做出更改。最后，如果他們的項(xiàng)目變得更龐大，他們或許將他從Linux轉(zhuǎn)移到運(yùn)行IBM WebSphere的IBM大型機(jī)上。他們還是不需要做出任何更改。6、安全傳統(tǒng)CGI程序中主要的漏洞來(lái)源之一就是，CGI程序常常由通過(guò)的操作系統(tǒng)外殼來(lái)執(zhí)行。因此,CGI程序必須仔細(xì)地過(guò)濾掉那些可能被外殼特殊處理的字符，如反

15、引導(dǎo)和分號(hào)。實(shí)現(xiàn)這項(xiàng)預(yù)防措施的難度可能超出我們的想象，在廣泛應(yīng)用的CGI庫(kù)中，不斷發(fā)現(xiàn)由這類(lèi)問(wèn)題引發(fā)的弱點(diǎn)。問(wèn)題的第二個(gè)來(lái)源是，一些CGI程序用不自動(dòng)檢查數(shù)組和字符串邊界的語(yǔ)言編寫(xiě)而成。例如，在C和C中，可以分配一個(gè)100個(gè)元素的數(shù)組，然后向第999個(gè)“元素“寫(xiě)入數(shù)據(jù)實(shí)際上是程序內(nèi)存的隨機(jī)部分，這完全合法。因而，如果程序員忘記執(zhí)行這項(xiàng)檢查，就會(huì)將系統(tǒng)暴露在蓄意或偶然的緩沖區(qū)溢出攻擊之下。Servelt不存在這些問(wèn)題。即使servelt執(zhí)行系統(tǒng)調(diào)用激活本地操作系統(tǒng)上的程序，它也不會(huì)用到外殼來(lái)完成這項(xiàng)任務(wù)。當(dāng)然，數(shù)組邊界的檢查以及其他內(nèi)存包含特性是java編程語(yǔ)言的核心部分。7、主流雖然存在許多很

16、好的技術(shù)，但是，如果提供商助支持他們，或開(kāi)發(fā)人員不知道如何使用這些技術(shù)，那么它們的優(yōu)點(diǎn)又如何體現(xiàn)呢？servelt和jsp技術(shù)得到服務(wù)器提供商的廣泛支持，包括Apache，Oracle，IBM，Sybase，BEA，Maromedia，Causho，Sun/iPlanet，New Atlanta，ATG，F(xiàn)ujitsu，Lutris，Silverstream，World Wide Web Consortinrm ，以及其他服務(wù)器。存在幾種低廉的插件，通過(guò)應(yīng)用這些插件，Microsoft IIS和Zeus也同樣支持servlet和jsp技術(shù)，它們運(yùn)行在Windows，Unix/Linus,Mac

17、OS,VMS，和IBM大型機(jī)操作系統(tǒng)之上。它們用在航空業(yè)、電子商務(wù)、在線銀行、web搜索引擎、門(mén)戶、大型金融網(wǎng)站、以及成百上千您日常光顧的其他網(wǎng)站。當(dāng)然，僅僅是流行并不能證明技術(shù)的優(yōu)越性。很多泛美的例子。但我們的立場(chǎng)是：服務(wù)器端Java本非一項(xiàng)新的、為經(jīng)證實(shí)的技術(shù)。An Overview of Servlet and JSP TechnologyNagle and WiegleyAbstract: Servlet program running in the server-side, dynamically generated Web page with the traditional CGI

18、 and many other similar compared to CGI technology, Java Servlet with a more efficient, easier to use, more powerful and has better portability, more savings to invest .Key words: JSP Technology, Servlet, HTTP server1.1 A Servlet's JobServlets are Java programs that run on Web or application ser

19、vers, acting as a middle layer between requests coming from Web browsers or other HTTP clients and databases or applications on the HTTP server. Their job is to perform the following tasks, as illustrated in Figure 1-1.Figure 1-11Read the explicit data sent by the client.The end user normally enters

20、 this data in an HTML form on a Web page. However, the data could also come from an applet or a custom HTTP client program.2Read the implicit HTTP request data sent by the browser.Figure 1-1 shows a single arrow going from the client to the Web server (the layer where servlets and JSP execute), but

21、there are really two varieties of data: the explicit data that the end user enters in a form and the behind-the-scenes HTTP information. Both varieties are critical. The HTTP information includes cookies, information about media types and compression schemes the browser understands, and so on.3Gener

22、ate the results.This process may require talking to a database, executing an RMI or EJB call, invoking a Web service, or computing the response directly. Your real data may be in a relational database. Fine. But your database probably doesn't speak HTTP or return results in HTML, so the Web brow

23、ser can't talk directly to the database. Even if it could, for security reasons, you probably would not want it to. The same argument applies to most other applications.You need the Web middle layer to extract the resultsinside a document.4Send the explicit data (i.e., the document) to the clien

24、t.This document can be sent in a variety of formats, including text (HTML or XML), binary (GIF images), or even a compressed format like gzip that is layered on top of some other underlying format. But, HTML is by far the most common format, so an important servlet/JSP task is to wrap the results in

25、side of HTML.5Send the implicit HTTP response data.Figure 1-1 shows a single arrow going from the Web middle layer (the servlet or JSP page) to the client. But, there are really two varieties of data sent: the document itself and the behind-the-scenes HTTP information. Again, both varieties are crit

26、ical to effective development. Sending HTTP response data involves telling the browser or other client what type of document is being returned (e.g., HTML), setting cookies and caching parameters, and other such tasks. 1.2 Why Build Web Pages Dynamically?many client requests can be satisfied by preb

27、uilt documents, and the server would handle these requests without invoking servlets. In many cases, however, a static result is not sufficient, and a page needs to be generated for each request. There are a number of reasons why Web pages need to be built on-the-fly:1 The Web page is based on data

28、sent by the client.For instance, the results page from search engines and order-confirmation pages at online stores are specific to particular user requests. You don't know what to display until you read the data that the user submits. Just remember that the user submits two kinds of data: expli

29、cit (i.e., HTML form data) and implicit (i.e., HTTP request headers). Either kind of input can be used to build the output page. In particular, it is quite common to build a user-specific page based on a cookie value.2The Web page is derived from data that changes frequently.If the page changes for

30、every request, then you certainly need to build the response at request time. If it changes only periodically, however, you could do it two ways: you could periodically build a new Web page on the server (independently of client requests), or you could wait and only build the page when the user requ

31、ests it. The right approach depends on the situation, but sometimes it is more convenient to do the latter: wait for the user request. For example, a weather report or news headlines site might build the pages dynamically, perhaps returning a previously built page if that page is still up to date.3T

32、he Web page uses information from corporate databases or other server-side sources.If the information is in a database, you need server-side processing even if the client is using dynamic Web content such as an applet. Imagine using an applet by itself for a search engine site:"Downloading 50 t

33、erabyte applet, please wait!" Obviously, that is silly; you need to talk to the database. Going from the client to the Web tier to the database (a three-tier approach) instead of from an applet directly to a database (a two-tier approach) provides increased flexibility and security with little

34、or no performance penalty. After all, the database call is usually the rate-limiting step, so going through the Web server does not slow things down. In fact, a three-tier approach is often faster because the middle tier can perform caching and connection pooling.In principle, servlets are not restr

35、icted to Web or application servers that handle HTTP requests but can be used for other types of servers as well. For example, servlets could be embedded in FTP or mail servers to extend their functionality. And, a servlet API for SIP (Session Initiation Protocol) servers was recently standardized (

36、see /en/jsr/detail?id=116). In practice, however, this use of servlets has not caught on, and we'll only be discussing HTTP servlets.1.3 The Advantages of Servlets Over "Traditional" CGIJava servlets are more efficient, easier to use, more powerful, more portable, safer, a

37、nd cheaper than traditional CGI and many alternative CGI-like technologies.1EfficientWith traditional CGI, a new process is started for each HTTP request. If the CGI program itself is relatively short, the overhead of starting the process can dominate the execution time. With servlets, the Java virt

38、ual machine stays running and handles each request with a lightweight Java thread, not a heavyweight operating system process. Similarly, in traditional CGI, if there are N requests to the same CGI program, the code for the CGI program is loaded into memory N times. With servlets, however, there wou

39、ld be N threads, but only a single copy of the servlet class would be loaded. This approach reduces server memory requirements and saves time by instantiating fewer objects. Finally, when a CGI program finishes handling a request, the program terminates. This approach makes it difficult to cache com

40、putations, keep database connections open, and perform other optimizations that rely on persistent data. Servlets, however, remain in memory even after they complete a response, so it is straightforward to store arbitrarily complex data between client requests.2ConvenientServlets have an extensive i

41、nfrastructure for automatically parsing and decoding HTML form data, reading and setting HTTP headers, handling cookies, tracking sessions, and many other such high-level utilities. In CGI, you have to do much of this yourself. Besides, if you already know the Java programming language, why learn Pe

42、rl too? You're already convinced that Java technology makes for more reliable and reusable code than does Visual Basic, VBScript, or C+. Why go back to those languages for server-side programming?3PowerfulServlets support several capabilities that are difficult or impossible to accomplish with r

43、egular CGI. Servlets can talk directly to the Web server, whereas regular CGI programs cannot, at least not without using a server-specific API. Communicating with the Web server makes it easier to translate relative URLs into concrete path names, for instance. Multiple servlets can also share data,

44、 making it easy to implement database connection pooling and similar resource-sharing optimizations. Servlets can also maintain information from request to request, simplifying techniques like session tracking and caching of previous computations.4PortableServlets are written in the Java programming

45、 language and follow a standard API. Servlets are supported directly or by a plugin on virtually every major Web server. Consequently, servlets written for, say, Macromedia JRun can run virtually unchanged on Apache Tomcat, Microsoft Internet Information Server (with a separate plugin), IBM WebSpher

46、e, iPlanet Enterprise Server, Oracle9i AS, or StarNine WebStar. They are part of the Java 2 Platform, Enterprise Edition (J2EE; see so industry support for servlets is becoming even more pervasive.5InexpensiveA number of free or very inexpensive Web servers are good for development use or deployment

47、 of low- or medium-volume Web sites. Thus, with servlets and JSP you can start with a free or inexpensive server and migrate to more expensive servers with high-performance capabilities or advanced administration utilities only after your project meets initial success. This is in contrast to many of

48、 the other CGI alternatives, which require a significant initial investment for the purchase of a proprietary package.Price and portability are somewhat connected. For example, Marty tries to keep track of the countries of readers that send him questions by email. India was near the top of the list,

49、 probably #2 behind the U.S. Marty also taught one of his JSP and servlet training courses (see in Manila, and there was great interest in servlet and JSP technology there.Now, why are India and the Philippines both so interested? We surmise that the answer is twofold. First, both countries have lar

50、ge pools of well-educated software developers. Second, both countries have (or had, at that time) highly unfavorable currency exchange rates against the U.S. dollar. So, buying a special-purpose Web server from a U.S. company consumed a large part of early project funds.But, with servlets and JSP, t

51、hey could start with a free server: Apache Tomcat (either standalone, embedded in the regular Apache Web server, or embedded in Microsoft IIS). Once the project starts to become successful, they could move to a server like Caucho Resin that had higher performance and easier administration but that i

52、s not free. But none of their servlets or JSP pages have to be rewritten. If their project becomes even larger, they might want to move to a distributed (clustered) environment. No problem: they could move to Macromedia JRun Professional, which supports distributed applications (Web farms). Again, n

53、one of their servlets or JSP pages have to be rewritten. If the project becomes quite large and complex, they might want to use Enterprise JavaBeans (EJB) to encapsulate their business logic. So, they might switch to BEA WebLogic or Oracle9i AS. Again, none of their servlets or JSP pages have to be

54、rewritten. Finally, if their project becomes even bigger, they might move it off of their Linux box and onto an IBM mainframe running IBM WebSphere. But once again, none of their servlets or JSP pages have to be rewritten.6SecureOne of the main sources of vulnerabilities in traditional CGI stems fro

55、m the fact that the programs are often executed by general-purpose operating system shells. So, the CGI programmer must be careful to filter out characters such as backquotes and semicolons that are treated specially by the shell. Implementing this precaution is harder than one might think, and weaknesses stemming from this problem are constantly being uncovered in widely used CGI libraries.A second source of problems is the fact that some CGI programs are processed by languages that do not automatically check array or string bounds. For example