Java Course 12 Presentation
Web Application Development, Part 2
Marko Čupić
June 2007
Web forms
• Servlets and JSPs communicate with the user through parameters
  – sent via GET: the parameters travel in the URL
  – sent via POST: the parameters travel as the request body (the user does not see them)
• Important link: Servlet specification v2.4
  http://jcp.org/aboutJava/communityprocess/final/jsr154/index.html
• Defined by the W3C:
  http://www.w3.org/TR/html4/interact/forms.html
• To let the user enter the desired parameters, Web forms are used
• In an HTML document this is the <FORM> tag
• Basic structure:
    <form action="" method="" enctype="">
    ...
    </form>
• action:
  – The URL to which the content representing the filled-in form is sent
• method:
  – How the form content is packaged; most often GET or POST
• enctype:
  – How the "text" representing the form content is composed
  – In use today:
    • application/x-www-form-urlencoded (this is the default)
    • multipart/form-data
• application/x-www-form-urlencoded
  – Suppose the form contains two text input fields: JMBAG and Smjer
  – If the user enters 0012345678 and FER1, the form content is translated under this encoding into:
        JMBAG=0012345678&Smjer=FER1
    and sent to the server
• application/x-www-form-urlencoded
  – This encoding turns the form into a sequence of name=value pairs, with the individual pairs separated by the & character
  – If a name or a value contains that character (or any other character that is treated specially), those characters must be replaced with the corresponding escape sequence, so that no confusion arises when the form content is reconstructed on the server
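Added example, not part of the original slides: a small Java program that builds and parses an application/x-www-form-urlencoded body, once without escaping and once with it, to show the confusion the slide warns about. The class name FormEncodingDemo and the field value R&D=2 are constructed for illustration; the code needs Java 10 or later for the Charset overloads of URLEncoder and URLDecoder.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class FormEncodingDemo {
    // Joins name=value pairs with '&'; escape=false reproduces the mistake of sending raw text.
    static String encode(Map<String, String> fields, boolean escape) {
        StringBuilder body = new StringBuilder();
        for (Map.Entry<String, String> f : fields.entrySet()) {
            if (body.length() > 0) body.append('&');
            String name = f.getKey(), value = f.getValue();
            if (escape) {
                name = URLEncoder.encode(name, StandardCharsets.UTF_8);
                value = URLEncoder.encode(value, StandardCharsets.UTF_8);
            }
            body.append(name).append('=').append(value);
        }
        return body.toString();
    }

    // Server side: split on '&', split each pair on the first '=', then unescape.
    static Map<String, List<String>> decode(String body) {
        Map<String, List<String>> fields = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            fields.computeIfAbsent(URLDecoder.decode(name, StandardCharsets.UTF_8),
                    k -> new ArrayList<>())
                  .add(URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return fields;
    }

    public static void main(String[] args) {
        Map<String, String> form = new LinkedHashMap<>();
        form.put("JMBAG", "0012345678");
        form.put("Smjer", "R&D=2"); // constructed input containing '&' and '='
        String raw = encode(form, false);
        String escaped = encode(form, true);
        System.out.println(raw + " -> " + decode(raw));
        System.out.println(escaped + " -> " + decode(escaped));
    }
}
```

Without escaping, the server reconstructs three parameters (JMBAG, Smjer=R and D=2) from a form that had two fields; with escaping the value comes back as R&D=2.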
• multipart/form-data
  – A more complex encoding
  – Typically used together with the POST method when files are sent as part of the form
• Form body
  – controls for entering different kinds of data
    • single-line text / password
    • multi-line input
    • mutually exclusive options
    • multiple choice
    • simple menu
    • hidden parameters
    • buttons
• Single-line text / password
    <input type="text" name="prezime" value="Peric" size="30">
• Single-line text / password
    <input type="password" name="zaporka" value="tajna" size="30">
• Multi-line input
    <textarea name="adresa" rows="5" cols="30">
    Nepoznato</textarea>
• Mutually exclusive options
    <input type="radio" name="spol" value="M" checked>Muško
• Several controls with the same name form a mutually exclusive group!
• Multiple choice
    <input type="checkbox" name="drustvo" value="ieee" checked>IEEE
• Several controls with the same name are supported!
• Simple menu / list
    <select name="posao" size="1">
      <option value="nista" selected>Ništa od navedenog
      <optgroup label="Edukacija">
        <option value="edu1">Asistent
        <option value="edu2">Nastavnik
      </optgroup>
      <optgroup label="Politika">
        <option value="pol1">Političar
        <option value="pol2">Glasnogovornik
      </optgroup>
    </select>
• Hidden parameters
    <input type="hidden" name="rubrika" value="r18">
• no visual representation
• Buttons
    <input type="button" value="provjeri" onClick="neki_javascript_kod">
• used to call JavaScript in the user's client
• besides INPUT there is also a BUTTON tag
• When the submit button is pressed, the browser
  – checks all controls of the form
  – collects all values
  – assembles the request that will be sent (GET or POST)
  – sends a request for the page given in the action attribute (appending the parameters for GET)
Page protection
• The notion of a "user" is important when building Web applications
• The model used by servlets and JSPs contains two concepts:
  – user
  – role
• A servlet / JSP can find out at any moment on whose behalf it is executing by calling:
    String user = request.getRemoteUser();
• A servlet / JSP can find out at any moment whether the active user is in a given role:
    boolean inRole = request.isUserInRole(roleName);  // roleName: name of the role to test
• Individual parts of a Web application can be protected:
  – programmatically ("hard-coding" the checks)
  – declaratively (in the web.xml file)
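Added example, not part of the original slides: a programmatic check built from the getRemoteUser() and isUserInRole() calls. The servlet name AdminReportServlet and its output are hypothetical, the role name administrator is taken from the tomcat-users.xml sample on this page, and the code assumes the javax.servlet API of the Servlet 2.4 era with a login method configured in the container.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; class name and report text are assumptions for illustration.
public class AdminReportServlet extends HttpServlet {

    // Role name as declared in the tomcat-users.xml sample.
    private static final String REQUIRED_ROLE = "administrator";

    // Guard service() rather than doGet()/doPost() individually, so that every
    // HTTP method reaching this servlet passes through the same check.
    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // isUserInRole() returns false when nobody is authenticated, so this one
        // test denies both anonymous and under-privileged callers.
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            String user = request.getRemoteUser(); // null if not logged in
            log("Denied " + request.getMethod() + " " + request.getRequestURI()
                    + " for user " + (user == null ? "<anonymous>" : user));
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        super.service(request, response);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // text/plain: the user name is echoed, so it must not be interpreted as HTML.
        response.setContentType("text/plain; charset=utf-8");
        response.getWriter().println("Report requested by " + request.getRemoteUser());
    }
}
```

Every servlet guarded this way has to carry its own copy of the check, which is the repetition the declarative approach in web.xml avoids.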
• Declarative protection: the security-constraint tag in web.xml
    <security-constraint>
      <display-name>Security Constraint for rokovi</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/zasticeno/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <!-- Anyone with one of the listed roles may access this area -->
        <role-name>manager</role-name>
        <role-name>rokoviAdmin</role-name>
      </auth-constraint>
    </security-constraint>
• When a declaratively protected page is requested:
  – a check is made whether the user is already logged in
  – if so, a check is made whether the user has the required role
  – if not, processing moves to the authentication phase
  – after successful authentication, a check is made whether the user has the required role
• Tomcat supports several authentication methods
• The two most commonly used:
  – BASIC: the client itself (the Web browser) asks the user for username & password through a dialog
  – FORM: the Web application has a page with an authentication form
• The authentication method is configured with the <login-config> tag:
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/jsp/secure/login.jsp</form-login-page>
        <form-error-page>/jsp/secure/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
• If the BASIC method is used
  – the <form-login-config> part is omitted
• Example form: login.jsp
    <%@ page contentType="text/html; charset=utf-8" %>
    <html>
    <head><title>Login Page</title></head>
    <body bgcolor="white"
          onLoad="document.forms[0].j_username.focus();">
    <form method="POST"
          action='<%= response.encodeURL("j_security_check") %>'>
      Username: <input type="text" name="j_username"><br>
      Password: <input type="password" name="j_password"><br>
      <input type="submit" value="Log In"> <input type="reset"><br>
    </form>
    </body>
    </html>
• Example form: error.jsp
    <%@ page contentType="text/html; charset=utf-8" %>
    <html>
    <head><title>Error Page For Examples</title></head>
    <body bgcolor="white">
    Invalid username and/or password, please try
    <a href='<%= response.encodeURL("login.jsp") %>'>again</a>.
    </body>
    </html>
• Where is the user data taken from?
• Tomcat calls the sources of this data "Authentication Realms"
• Tomcat ships with several implementations
• Data from a local file ($CATALINA_HOME/conf/tomcat-users.xml):
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           debug="0"
           resourceName="UserDatabase"/>
• Example file ($CATALINA_HOME/conf/tomcat-users.xml)
    <?xml version='1.0' encoding='utf-8'?>
    <tomcat-users>
      <role rolename="korisnik"/>
      <role rolename="administrator"/>
      <user username="perica" password="tajna"
            roles="korisnik,administrator"/>
      <user username="pero" password="tajna2"
            roles="korisnik"/>
    </tomcat-users>
• The roles used in web.xml must be declared!
    <security-role>
      <description>Obican korisnik</description>
      <role-name>korisnik</role-name>
    </security-role>
    <security-role>
      <description>Administrator sustava</description>
      <role-name>administrator</role-name>
    </security-role>
• Besides this, the data can be fetched from various databases (JDBCRealm), ...