Hi Josh ! I can help you out with the first part of your really long email (you weren't kidding, were you ?). I, too, had a problem with all those out.println()'s, and there *is* a better solution. You *can* try JSP code, but it becomes difficult to maintain after a while -- especially if you're trying to do some complex processing. My choice would be Velocity (see http://jakarta.apache.org/velocity/index.html ) It's a template engine which makes a very clean (IMHO, at least) division between interface and implementation. How it works is : you create a normal HTML file, but put placeholders in the code that will be populated by your servlet. Then you write a servlet that does the processing and outputs the result as a string which gets inserted into the placeholder. This is a VERY different approach from the more "mainstream" method of JSPs and JavaBeans, which (again IMHO) is too complicated and prone to error. A very good comparison can be found here : http://jakarta.apache.org/velocity/ymtd/ymtd.html
As for the rest of your email ... well, I'll leave it to others more knowledgeable and articulate than myself to explain. Regards, Pascal Chong ----- Original Message ----- From: "JavaJosh" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Monday, March 11, 2002 7:30 AM Subject: Tomcat questions (long) > Hi List, > > I am interested in building a data driven web app with Tomcat 4.0 and > JSP/Servlets, but am new to the field, and have lots of questions. Some > are general, some are specific to Tomcat. Please be patient, as I am > new. Here it goes: > > System design: It seems that managing client state transitions is > difficult. Unlike traditional GUIs, basically all forms are modal. How > do you design around this? I have some ideas below that I would like > some feedback on. > > Implementation: Looking at the servlet code that comes with Tomcat, it > seems very ugly. All those out.println()'s give me the willies! JSP > looks slightly better, since at least Java embedded in HTML is more > readable than HTML embedded in Java! Even the latter can be minimized > with taglibs, right? > > I have read some about FreeMarker and WebMacro. How exactly do these fit > into the equation? > > Finally, regarding the design philosophy behind data-driven > weblications: they are mostly parameterized finite state machines, > right? There is a set of templates which, when requested, are filled > with data, perhaps adjusted in some other, structural way, and served. > Each user may have access to a different set of these templates (for > example, limited by security). Each template may allow the user to > transition to certain other templates. The process repeats during > session lifetime. > > So it seems to me that a state diagram is in order, and each state > corresponds to each HTML page the user sees. State transitions are > basically hyperlinks. Because the number of states (pages) can grow > large, it seems reasonable to expect them to be fairly uniform, and > perhaps "inherit" in some way from a common parent template. Does this > sound right? How can I achieve this? > > (this way of programming is much much different than the event driven > concepts of, say, VB or Swing!) > > So a user logs in, gets a session identifier, and, unless all state > transitions are allowed (the degenerate case), the server must also > track client state, yes? Where can I find out more about how Tomcat > assigns session identifiers and processes URLs to include them? > > If my understanding is correct, it seems that for most web apps 2 > servlets would be adequate: one for login and client instantiation > (assigning session and initial state) and one for all other state > transitions (call it servlet 2). After all, servlet 2 can get the > session and then look up the client state from that, and then determine > valid state transitions, and compare it to what the client requested to > make sure everything is kosher! Logout would be a state transition on > servlet 2, although there might be a polling process checking login time > and auto-change user state when a certain amount of time has elapsed. > > I have a question about this and Tomcat: will servlet 2 be reused for > all client requests? EG does Tomcat instance a copy of that servlet for > every request, in the same way ServerSocket generates new Sockets? Or is > the servlet required to behave linearly (that is, service request 1, > then request 2, etc...)? > > One security concern would be spoofing the session data, probably after > eavesdropping on the tcp stream/http content. This would only be of > concern for the duration of the session, so it might pay to keep the > sessions short. However, I thought of another thing to help prevent > this: log the client IP address and correlate it with the session key. > This won't help in some circumstances, for example if the client is > using NAT behind a firewall and the spoofer is behind there too (so they > look like they have the same IP), or if the spoofer is relatively > sophisticated and forges his packet headers. But still, I think this > would be a useful security measure. That is, if my understanding of HTTP > over TCP is correct, in that a client keeps a TCP connection to the HTTP > server for a relatively long period of time (speaking of which, is there > any way to adjust this time with Tomcat?) > > Another security concern is the login process itself. Are there any > standards for moving the user name password data across the wire > securely, especially ones that Tomcat supports? (HTTPS seems like > overkill, but I don't know, I'm just a newbie.) > > Can this be IP logging idea be done with Tomcat? In other words, is > there a way to determine the Requesters IP address, even though this > info is not necessarily in the HTTP stream? If Tomcat does offer this > information, where does it get it? The HTTP or the actual TCP stream? > > Kind regards, > Josh Rehman > > -----Original Message----- > From: Greg Munger [mailto:[EMAIL PROTECTED]] > Sent: Sunday, March 10, 2002 2:24 PM > To: Tomcat Users List > Subject: mod_webapp.so error "duplicate connection name" > > I just started following this list, but I have tried to look in the > archives and in deja news for an explanation for the "duplicate > connection > name" error. This error occurs when I restart Apache. > > I am using a hosted server where I do not have root. Currently tomcat > 4.0.1 > and apache 1.3 are installed. The Tomcat standalone http server works > fine > at port 8080, and apache is running on port 80. This system is using the > 2.1.3 glibc libraries, so I cannot use the precompiled versions > mod_webapp > (which seem to use 2.2). > > 1. I obtained the source from this url: > http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.1/src/w > ebapp-module-1.0.1-tc401-src.tar.gz > > > 2. built the module: > support/buildconfs.sh > configure --with-apxs > make > > 3. copied apache-1.3/mod_webapp.so to the apache libexec directory > > 4. added the following to httpd.conf > LoadModule webapp_module libexec/mod_webapp.so > ... > AddModule mod_webapp.c > ... > WebAppConnection conn warp localhost:8008 > WebAppDeploy xx conn /xx > > 5. the server.xml file contains the information that came with it: > > <!-- Define an Apache-Connector Service --> > <Service name="Tomcat-Apache"> > <Connector > className="org.apache.catalina.connector.warp.WarpConnector" > port="8008" minProcessors="5" maxProcessors="75" > enableLookups="true" > acceptCount="10" debug="0"/> > <!-- Replace "localhost" with what your Apache "ServerName" is set > to --> > <Engine className="org.apache.catalina.connector.warp.WarpEngine" > name="Apache" debug="0" appBase="webapps"> > <Logger className="org.apache.catalina.logger.FileLogger" > prefix="apache_log." suffix=".txt" > timestamp="true"/> > <Realm className="org.apache.catalina.realm.MemoryRealm" /> > </Engine> > </Service> > > > 6. When I restart apache I get the "duplicate connection name" error > reported for the WebAppConnection statement. > > 7. I have the same setup running locally on a machine where I do have > root > access, and it is working fine. The only difference between the systems > that I am aware of is that it is glibc 2.2. And I am not sure what the > apache version of the hosted system is, but I am pretty sure it is > 1.3.something. > > > -- what causes the "duplicate connection name" errors? > -- are there any other choices for accessing Tomcat through port 80? I > am > aware of using a ProxyPass directive in Apache, but using that approach > static content will always be served by Tomcat. > - what does the "replace localhost..." comment in the server.xml file > mean? > There is no "localhost" parameter in either 4.0.1 or 4.0.3. > > thanks, > Greg > > > Greg Munger - 219-926-7604 - Lake Point Interactive - > www.lpiweb.com > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
