Web Technologies
Outline
• Architectures for dynamic
content publishing
– CGI
– Java Servlet
– Server-side scripting
– JSP tag libraries
Motivations
• Creating pages on the fly based on the user’s
request and from structured data (e.g.,
database content)
• Client-side scripting & components do not
suffice
– They manipulate an existing document/page, do
not create a new one from structured content
• Solution:
– Server-side architectures for dynamic content
production
Common Gateway Interface
• An interface that allows the Web Server to launch
external applications that create pages dynamically
• A kind of «double client-server loop»
What CGI is/is not
• It is not
– A programming language
– A telecommunication protocol
• It is
– An interface between the web server and the applications that
defines some standard communication variables
• The interface is implemented through system variables, a
universal mechanism present in all operating systems
• A CGI program can be written in any programming
language
Invocation
• The client specifies in the URI the name
of the program to invoke
• The program must be deployed in a
specified location at the web server
(e.g., the cgi-bin directory)
– http://my.server.web/cgi-bin/xyz.exe
Execution
• The server recognizes from the URI that
the requested resource is an
executable
– Permissions must be set in the web server for
allowing program execution
– E.g., the extensions of executable files must
be explicitly specified
• http://my.server.web/cgi-bin/xyz.exe
Execution
• The web server decodes the
parameters sent by the client and
initializes the CGI variables
• request_method, query_string, content_length,
content_type
• http://my.server.web/cgi-bin/xyz.exe?par=val
Execution
• The server launches the program in a
new process
Execution
• The program executes and «prints»
the response on the standard output
Execution
• The server builds the response from the
content emitted to the standard output
and sends it to the client
Handling request parameters
• Client parameters can be sent in two ways
– With the HTTP GET method
• parameters are appended to the URL (1)
• http://www.myserver.it/cgi-bin/xyz?par=val
– With the HTTP POST method
• Parameters are inserted as an HTTP entity in the
body of the request (when their size is substantial)
• Requires the use of HTML forms to allow users
to input data into the body of the request
– (1) The specification of HTTP does not specify any maximum
URI length; practical limits are imposed by web browser and server
software
HTML Form
<HTML>
<BODY>
<FORM
action="http://www.mysrvr.it/cgi-bin/xyz.exe"
method=post>
<P> Tell me your name:</P>
<P><INPUT type="text"
NAME="whoareyou"> </p>
<INPUT type="submit"
VALUE="Send">
</FORM>
</BODY>
</HTML>
Structure of a CGI program
Read environment variable
Execute business logic
Print HTML markup
Parameter decoding
Read variable Request_method
[Figure: request flow of the multiplication example. Labels recovered from the diagram: 3. Response; 4. Second call; 5. Set environment variables and request; 6. Compute response (Mult.cgi); 7. Send response. Mult.c, previously compiled into... Mult.cgi]
The form (form.html)
<HTML>
<HEAD><TITLE>Form di moltiplicazione</TITLE></HEAD>
<BODY>
<!-- ACTION is the URL that is called -->
<FORM ACTION="http://www.polimi.it/cgi-bin/run/mult.cgi">
<P>Introdurre i moltiplicandi</P>
<INPUT NAME="m" SIZE="5"><BR/>
<INPUT NAME="n" SIZE="5"><BR/>
<INPUT TYPE="SUBMIT" VALUE="Moltiplica">
</FORM>
</BODY>
</HTML>
[Figure: the form as viewed in a browser]
The script
#include <stdio.h>
#include <stdlib.h>

int main(void){
  char *data;
  long m,n;
  /* Statements that print the response on the standard output */
  printf("%s%c%c\n", "Content-Type:text/html;charset=iso-8859-1",13,10);
  printf("<HTML>\n<HEAD>\n<TITLE>Risultato moltiplicazione</TITLE>\n<HEAD>\n");
  printf("<BODY>\n<H3>Risultato moltiplicazione</H3>\n");
  /* Retrieve the values from the environment variables */
  data = getenv("QUERY_STRING");
  if(data == NULL)
    printf("<P>Errore! Errore nel ricevere i dati dalla form.</P>\n");
  else if(sscanf(data,"m=%ld&n=%ld",&m,&n)!=2)
    printf("<P>Errore! Dati non validi. Devono essere numerici.</P>\n");
  else
    printf("<P>Risultato: %ld * %ld = %ld</P>\n",m,n,m*n);
  printf("<BODY>\n");
  return 0;
}
Compilation and local test
• Compilation:
$ gcc -o mult.cgi mult.c
• Local test (the environment variable containing the query string is set manually):
$ export QUERY_STRING="m=2&n=3"
$ ./mult.cgi
• Result:
Content-Type:text/html;charset=iso-8859-1
<HTML>
<HEAD>
<TITLE>Risultato moltiplicazione</TITLE>
<HEAD>
<BODY>
<H3>Risultato moltiplicazione</H3>
<P>Risultato: 2 * 3 = 6</P>
Considerations on CGI
• Possible security problems
• Performance (overhead)
– creating and terminating processes takes time
– context switches take time
• CGI processes:
– are created at each invocation
– do not inherit process state from previous
invocations (e.g., database connections)
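The security point applies to mult.c itself: sscanf with %ld has undefined behaviour when a number is out of range, ignores any bytes after the second value, and m*n can overflow. A stricter decoder for the same QUERY_STRING follows as an added example that is not part of the original slides; parse_field, mult_query and MAX_QUERY_LEN are names assumed here, and __builtin_mul_overflow is a GCC/Clang builtin.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_QUERY_LEN 64 /* assumed cap: ample for two decimal longs */

/* Parse "<key>=<integer>" at *p and advance *p past it. Returns 0 on success. */
static int parse_field(const char **p, const char *key, long *out) {
    size_t klen = strlen(key);
    const char *num;
    char *end;
    if (strncmp(*p, key, klen) != 0 || (*p)[klen] != '=') return -1;
    num = *p + klen + 1;
    /* strtol would skip whitespace and accept '+': allow only [-]digit */
    if (*num != '-' && (*num < '0' || *num > '9')) return -1;
    errno = 0;
    *out = strtol(num, &end, 10);
    if (end == num || errno == ERANGE) return -1; /* no digits, or out of range */
    *p = end;
    return 0;
}

/* Accept exactly "m=<int>&n=<int>". Returns 0 and the product, -1 on any error. */
int mult_query(const char *qs, long *m, long *n, long *product) {
    const char *p = qs;
    if (qs == NULL || strlen(qs) > MAX_QUERY_LEN) return -1;
    if (parse_field(&p, "m", m) != 0 || *p++ != '&') return -1;
    if (parse_field(&p, "n", n) != 0 || *p != '\0') return -1; /* no trailing bytes */
    /* GCC/Clang builtin: nonzero when m*n does not fit in a long */
    if (__builtin_mul_overflow(*m, *n, product)) return -1;
    return 0;
}

int main(void) {
    long m, n, r;
    int ok = mult_query(getenv("QUERY_STRING"), &m, &n, &r) == 0;
    if (!ok) printf("Status: 400 Bad Request\r\n"); /* CGI status header */
    printf("Content-Type: text/html;charset=iso-8859-1\r\n\r\n");
    if (ok) printf("<P>Result: %ld * %ld = %ld</P>\n", m, n, r);
    else    printf("<P>Error: m and n must be integers.</P>\n");
    return 0;
}
```

It compiles and runs locally the same way as mult.c, with QUERY_STRING exported before the call.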
References
• CGI reference:
http://hoohoo.ncsa.uiuc.edu/cgi/overview.html
• Security and CGI:
http://www.w3.org/Security/Faq/wwwsf4.html