A Servlet Refresher

A Servlet is a dynamic web component developed in Java technology, loaded and run by Java technology enabled web server. The Servlet interface is the core of the Java Servlet API. The two classes which implement the Servlet interface are the GenericServlet and the HttpServlet. The Servlet interface defines the init(), service() and the destroy() methods which are implemented by GenericServlet class. The HttpServlet is an abstract class extending GenericServlet and basically helps in processing HTTP requests.

Servlet Life Cycle
The Servlet life cycle is expressed in the API by the init, service and destroy methods of the Servlet interface

Request Object
The Request object encapsulates all the information from the client request. This information is passed from the client to the server in the HTTP headers and message body of the request.
The request object is valid only within the scope of servlet's service() method or within the scope of a filter's dofilter() method. If it is an asynchrounous request and startAsync has been invooked on the request object, the request object is valid util complete() is invoked on the AsyncContext
1. HTTP Protocol Parameters
Request parameters for the servlet
2. File Upload
Request is of type multipart/form-data
3. Attributes
Attributes are objects associated with a request
4. Headers
Headers of the http request
5. Request Path Elements
Request path that leads to the servlet servicing the request. It is composed of Context Path, Servlet Path, PathInfo
6. Cookies
Data sent by the client to the server on every request that the client makes. A cookie can be a HTTPOnly cookie indicating that this cookie should not be exposed to the client side script
7. SSL Attribute
The isSecure() method of the ServletRequest returns true if the request is sent over HTTPS
8. Internationlization
The language used by the client is communicated using Accept-Language header. ServletRequest has getLocale method to determine the preferred locale for the client
9. Request Data Encoding
The default encoding used by the servlet container to read the request is ISO-8859-1

Response Object
The response object is valid within the scope of the servlet's service method or within the scope of the filter's doFilter method. If asynchronous processing on the request has been started, then the response object is valid until the complete method on AsyncContext is called.
1. Buffering
A servlet container is allowed but not required to buffer output going to the client
2. Headers
Headers of the http response
3. Redirection and Error
HttpServletResponse interface provides sendRedirect method for redirecting the client to a different URI and sendError method for returning an error message to the client. These methods have the side effect of committing the response if it has not been already committed and terminated. Any data written to the response after these methods are called is ignored.
4. Internationalization
Containors must communicate the locale and the character encoding used by the servlet's response writer to the client via Content-Language header in the case of HTTP
5. Closure and Termination
When a response is closed, all the content in the response buffer is flushed to the client. Following events indicate that the request has been served and the response object is to be closed
(a) Termination of service method in the servlet
(b) Amount of content specified in the setContentLength is greater than 0 and has been written to the response
(c) The sendError or sendRedirect method is called
(d) The complete method on AsyncContext is called

Filter
A filter is a Java component that can transform the content of the HTTP requests, responses and header information
The filter has three methods namely init() which is called during the initialization of the filter, doFilter() is called everytime the container determines that the filter should be applied to the current request and destroy() whenever the container decides to remove the filter instance.

Common examples where filter components are used -
1. Authentication
2. Encryption
3. Tokenizing
4. Data compression

Session
Http Protocol is a stateless protocol. To track requests from different clients, different session tracking mechanisms are used.
(a) Cookies
The container sends a cookie to the client and the client sends the cookie to the server on each subsequent request. The standard name of the session tracking cookie is JSESSIONID
(b) SSL Sessions
The encryption technology used in the HTTPS protocol has a built-in mechanism which identifies multiple requests from the same client as part of the session
(c) URL Rewriting
URL Rewriting is used when the client does not accepts the cookie tracking mechanism. In this case, the session id is encoded as a path parameter in the URL string. The name of the parameter must be jsessionid e.g. http://serverurl/index.html;jsessionid=1234
The url rewriting scheme exposes session in the logs and the URL bar

Listeners
The servlet specification includes the capability to track key events in your Web applications through event listeners. A typical servlet event listener example comprises of managing the database connections for servlet. The datbase connection is initialized during the application startup, used by the servlet and cleaned up prior to the application shutdown. More on servlet event listeners can be found here