外文翻譯----servlet和jsp技術(shù)簡(jiǎn)述

1、<p>　　An Overview of Servlet and JSP Technology</p><p>　　Gildas Avoine and Philippe Oechslin</p><p>　　EPFL, Lausanne, Switzerland</p><p>　　1.1 A Servlet's Job</p>&l

2、t;p>　　Servlets are Java programs that run on Web or application servers, acting as a middle layer between requests coming from Web browsers or other HTTP clients and databases or applications on the HTTP server. Their

3、 job is to perform the following tasks, as illustrated in Figure 1-1.</p><p>　　Figure 1-1</p><p>　　1．Read the explicit data sent by the client.</p><p>　　The end user normally enters

4、 this data in an HTML form on a Web page. However, the data could also come from an applet or a custom HTTP client program.</p><p>　　2．Read the implicit HTTP request data sent by the browser.</p><

5、p>　　Figure 1-1 shows a single arrow going from the client to the Web server (the layer where servlets and JSP execute), but there are really two varieties of data: the explicit data that the end user enters in a form

6、and the behind-the-scenes HTTP information. Both varieties are critical. The HTTP information includes cookies, information about media types and compression schemes the browser understands, and so on.</p><p&g

7、t;　　3．Generate the results.</p><p>　　This process may require talking to a database, executing an RMI or EJB call, invoking a Web service, or computing the response directly. Your real data may be in a relat

8、ional database. Fine. But your database probably doesn't speak HTTP or return results in HTML, so the Web browser can't talk directly to the database. Even if it could, for security reasons, you probably would no

9、t want it to. The same argument applies to most other applications. You need the Web middle layer to extract the incom</p><p>　　4．Send the explicit data (i.e., the document) to the client.</p><p&g

10、t;　　This document can be sent in a variety of formats, including text (HTML or XML), binary (GIF images), or even a compressed format like gzip that is layered on top of some other underlying format. But, HTML is by far

11、the most common format, so an important servlet/JSP task is to wrap the results inside of HTML.</p><p>　　5．Send the implicit HTTP response data.</p><p>　　Figure 1-1 shows a single arrow going fr

12、om the Web middle layer (the servlet or JSP page) to the client. But, there are really two varieties of data sent: the document itself and the behind-the-scenes HTTP information. Again, both varieties are critical to eff

13、ective development. Sending HTTP response data involves telling the browser or other client what type of document is being returned (e.g., HTML), setting cookies and caching parameters, and other such tasks. </p>

14、<p>　　1.2 Why Build Web Pages Dynamically?</p><p>　　many client requests can be satisfied by prebuilt documents, and the server would handle these requests without invoking servlets. In many cases, howe

15、ver, a static result is not sufficient, and a page needs to be generated for each request. There are a number of reasons why Web pages need to be built on-the-fly:</p><p>　　1． The Web page is based on data s

16、ent by the client.</p><p>　　For instance, the results page from search engines and order-confirmation pages at online stores are specific to particular user requests. You don't know what to display until

17、 you read the data that the user submits. Just remember that the user submits two kinds of data: explicit (i.e., HTML form data) and implicit (i.e., HTTP request headers). Either kind of input can be used to build the ou

18、tput page. In particular, it is quite common to build a user-specific page based on a cookie value.</p><p>　　2．The Web page is derived from data that changes frequently.</p><p>　　If the page cha

19、nges for every request, then you certainly need to build the response at request time. If it changes only periodically, however, you could do it two ways: you could periodically build a new Web page on the server (indepe

20、ndently of client requests), or you could wait and only build the page when the user requests it. The right approach depends on the situation, but sometimes it is more convenient to do the latter: wait for the user reque

21、st. For example, a weather report or news hea</p><p>　　3．The Web page uses information from corporate databases or other server-side sources.</p><p>　　If the information is in a database, you ne

22、ed server-side processing even if the client is using dynamic Web content such as an applet. Imagine using an applet by itself for a search engine site:</p><p>　　"Downloading 50 terabyte applet, please

23、wait!" Obviously, that is silly; you need to talk to the database. Going from the client to the Web tier to the database (a three-tier approach) instead of from an applet directly to a database (a two-tier approach)

24、 provides increased flexibility and security with little or no performance penalty. After all, the database call is usually the rate-limiting step, so going through the Web server does not slow things down. In fact, a th

25、ree-tier approach is ofte</p><p>　　In principle, servlets are not restricted to Web or application servers that handle HTTP requests but can be used for other types of servers as well. For example, servlets

26、could be embedded in FTP or mail servers to extend their functionality. And, a servlet API for SIP (Session Initiation Protocol) servers was recently standardized (see http://jcp.org/en/jsr/detail?id=116). In practice, h

27、owever, this use of servlets has not caught on, and we'll only be discussing HTTP servlets.</p><p>　　1.3 The Advantages of Servlets Over "Traditional" CGI</p><p>　　Java servlets ar

28、e more efficient, easier to use, more powerful, more portable, safer, and cheaper than traditional CGI and many alternative CGI-like technologies.</p><p>　　1．Efficient</p><p>　　With traditional

29、CGI, a new process is started for each HTTP request. If the CGI program itself is relatively short, the overhead of starting the process can dominate the execution time. With servlets, the Java virtual machine stays runn

30、ing and handles each request with a lightweight Java thread, not a heavyweight operating system process. Similarly, in traditional CGI, if there are N requests to the same CGI program, the code for the CGI program is loa

31、ded into memory N times. With servlets, how</p><p>　　2．Convenient</p><p>　　Servlets have an extensive infrastructure for automatically parsing and decoding HTML form data, reading and setting HT

32、TP headers, handling cookies, tracking sessions, and many other such high-level utilities. In CGI, you have to do much of this yourself. Besides, if you already know the Java programming language, why learn Perl too? You

33、're already convinced that Java technology makes for more reliable and reusable code than does Visual Basic, VBScript, or C++. Why go back to those languages for</p><p>　　3．Powerful</p><p>　

34、　Servlets support several capabilities that are difficult or impossible to accomplish with regular CGI. Servlets can talk directly to the Web server, whereas regular CGI programs cannot, at least not without using a serv

35、er-specific API. Communicating with the Web server makes it easier to translate relative URLs into concrete path names, for instance. Multiple servlets can also share data, making it easy to implement database connection

36、 pooling and similar resource-sharing optimizations. Servlets</p><p>　　4．Portable</p><p>　　Servlets are written in the Java programming language and follow a standard API. Servlets are supported

37、 directly or by a plugin on virtually every major Web server. Consequently, servlets written for, say, Macromedia JRun can run virtually unchanged on Apache Tomcat, Microsoft Internet Information Server (with a separate

38、plugin), IBM WebSphere, iPlanet Enterprise Server, Oracle9i AS, or StarNine WebStar. They are part of the Java 2 Platform, Enterprise Edition (J2EE; see http://java.sun.com/j2ee</p><p>　　5．Inexpensive</p&

39、gt;<p>　　A number of free or very inexpensive Web servers are good for development use or deployment of low- or medium-volume Web sites. Thus, with servlets and JSP you can start with a free or inexpensive server

40、and migrate to more expensive servers with high-performance capabilities or advanced administration utilities only after your project meets initial success. This is in contrast to many of the other CGI alternatives, whic

41、h require a significant initial investment for the purchase of a proprietary</p><p>　　Price and portability are somewhat connected. For example, Marty tries to keep track of the countries of readers that sen

42、d him questions by email. India was near the top of the list, probably #2 behind the U.S. Marty also taught one of his JSP and servlet training courses (see http://courses.coreservlets.com/) in Manila, and there was grea

43、t interest in servlet and JSP technology there.</p><p>　　Now, why are India and the Philippines both so interested? We surmise that the answer is twofold. First, both countries have large pools of well-educa

44、ted software developers. Second, both countries have (or had, at that time) highly unfavorable currency exchange rates against the U.S. dollar. So, buying a special-purpose Web server from a U.S. company consumed a large

45、 part of early project funds.</p><p>　　But, with servlets and JSP, they could start with a free server: Apache Tomcat (either standalone, embedded in the regular Apache Web server, or embedded in Microsoft I

46、IS). Once the project starts to become successful, they could move to a server like Caucho Resin that had higher performance and easier administration but that is not free. But none of their servlets or JSP pages have to

47、 be rewritten. If their project becomes even larger, they might want to move to a distributed (clustered) enviro</p><p><b>　　6．Secure</b></p><p>　　One of the main sources of vulnerab

48、ilities in traditional CGI stems from the fact that the programs are often executed by general-purpose operating system shells. So, the CGI programmer must be careful to filter out characters such as backquotes and semic

49、olons that are treated specially by the shell. Implementing this precaution is harder than one might think, and weaknesses stemming from this problem are constantly being uncovered in widely used CGI libraries.</p>

50、<p>　　A second source of problems is the fact that some CGI programs are processed by languages that do not automatically check array or string bounds. For example, in C and C++ it is perfectly legal to allocate a

51、 100-element array and then write into the 999th "element," which is really some random part of program memory. So, programmers who forget to perform this check open up their system to deliberate or accidental

52、buffer overflow attacks.</p><p>　　Servlets suffer from neither of these problems. Even if a servlet executes a system call (e.g., with Runtime.exec or JNI) to invoke a program on the local operating system,

53、it does not use a shell to do so. And, of course, array bounds checking and other memory protection features are a central part of the Java programming language.</p><p>　　7．Mainstream</p><p>　　T

54、here are a lot of good technologies out there. But if vendors don't support them and developers don't know how to use them, what good are they? Servlet and JSP technology is supported by servers from Apache, Orac

55、le, IBM, Sybase, BEA, Macromedia, Caucho, Sun/iPlanet, New Atlanta, ATG, Fujitsu, Lutris, Silverstream, the World Wide Web Consortium (W3C), and many others. Several low-cost plugins add support to Microsoft IIS and Zeus

56、 as well. They run on Windows, Unix/Linux, MacOS, VMS, and IBM main</p><p>　　Of course, popularity alone is no proof of good technology. Numerous counter-examples abound. But our point is that you are not ex

57、perimenting with a new and unproven technology when you work with server-side Java.</p><p>　　Servlet和JSP技術(shù)簡(jiǎn)述</p><p>　　Gildas Avoine and Philippe Oechslin</p><p>　　EPFL, Lausanne, Sw

58、itzerland</p><p>　　1.1 Servlet的功能</p><p>　　Servlets是運(yùn)行在Web或應(yīng)用服務(wù)器上的Java程序，它是一個(gè)中間層，負(fù)責(zé)連接來(lái)自Web瀏覽器或其他HTTP客戶程序的請(qǐng)求和HTTP服務(wù)器上的數(shù)據(jù)庫(kù)或應(yīng)用程序。Servlet的工作是執(zhí)行西門(mén)的任務(wù)，如圖1.1所示 。</p><p>　　圖1.1Web中間件的作用<

59、/p><p>　　讀取客戶發(fā)送的顯式數(shù)據(jù)。</p><p>　　最終用戶一般在頁(yè)面的HTML表單中輸入這些數(shù)據(jù)。然而，數(shù)據(jù)還有可能來(lái)自applet或定制的HTTP客戶程序。</p><p>　　讀取由瀏覽器發(fā)送的隱式請(qǐng)求數(shù)據(jù)。</p><p>　　圖1.1中顯示了一條從客戶端到Web服務(wù)器的單箭頭，但實(shí)際上從客戶端傳送到Web服務(wù)器的數(shù)據(jù)有兩種，

60、它們分別為用戶在表單中輸入的顯式數(shù)據(jù)，以及后臺(tái)的HTTP信息。兩種數(shù)據(jù)都很重要。HTTP信息包括cookie、瀏覽器所能識(shí)別的媒體類型和壓縮模式等。</p><p><b>　　生成結(jié)果。</b></p><p>　　這個(gè)過(guò)程可能需要訪問(wèn)數(shù)據(jù)庫(kù)、執(zhí)行RMI或EJB調(diào)用、調(diào)用Web服務(wù)，或者直接計(jì)算得出對(duì)應(yīng)的響應(yīng)。實(shí)際的數(shù)據(jù)可能存儲(chǔ)在關(guān)系型數(shù)據(jù)庫(kù)中。該數(shù)據(jù)庫(kù)可能不理解H

61、TTP，或者不能返回HTML形式的結(jié)果，所有Web瀏覽器不能直接與數(shù)據(jù)庫(kù)進(jìn)行會(huì)話。即使它能夠做到這一點(diǎn)，為了安全上的考慮，我們也不希望讓它這么做。對(duì)應(yīng)大多數(shù)其他應(yīng)用程序，也存在類似的問(wèn)題。因此，我們需要Web中間層從HTTP流中提取輸入數(shù)據(jù)，與應(yīng)用程序會(huì)話，并將結(jié)果嵌入到文檔中。</p><p>　　向客戶發(fā)送顯式數(shù)據(jù)（即文檔）。</p><p>　　這個(gè)文檔可以用各種格式發(fā)送，包括文本（

62、HTML或XML），二進(jìn)制（GIF圖），甚至可以式建立在其他底層格式之上的壓縮格式，如gzip。但是，到目前為止，HTML式最常用的格式，故而servelt和JSP的重要任務(wù)之一就式將結(jié)果包裝到HTML中。</p><p>　　發(fā)送隱式的HTTP響應(yīng)數(shù)據(jù)。</p><p>　　圖1.1中顯示了一條從Web中間層到客戶端的單箭頭。但是，實(shí)際發(fā)送的數(shù)據(jù)有兩種：文檔本身，以及后臺(tái)的HTTP信息。

63、同樣，兩種數(shù)據(jù)對(duì)開(kāi)發(fā)來(lái)說(shuō)都式至關(guān)重要的。HTTP響應(yīng)數(shù)據(jù)的發(fā)送過(guò)程涉及告知瀏覽器或其他客戶程序所返回文檔的類型（如HTML），設(shè)置cookie和緩存參數(shù)，以及其他類似的任務(wù)。</p><p>　　1.2 動(dòng)態(tài)構(gòu)建網(wǎng)頁(yè)的原因</p><p>　　預(yù)先建立的文檔可以滿足客戶的許多請(qǐng)求，服務(wù)器無(wú)需調(diào)用servlet就可以處理這些請(qǐng)求。然而，許多情況下靜態(tài)的結(jié)果不能滿足要求，我們需要針對(duì)每個(gè)請(qǐng)求生

64、成一個(gè)頁(yè)面。實(shí)時(shí)構(gòu)建頁(yè)面的理由有很多種：</p><p>　　1、網(wǎng)頁(yè)基于客戶發(fā)送的數(shù)據(jù)。</p><p>　　例如，搜索引擎生成的頁(yè)面，以及在線商店的訂單確認(rèn)頁(yè)面，都要針對(duì)特定的用戶請(qǐng)求而產(chǎn)生。在沒(méi)有讀取到用戶提交的數(shù)據(jù)之前，我們不知道應(yīng)該顯示什么。要記住，用戶提交兩種類型的數(shù)據(jù)：顯示（即HTML表單的數(shù)據(jù)）和隱式（即HTTP請(qǐng)求的報(bào)頭）。兩種輸入都可用來(lái)構(gòu)建輸出頁(yè)面?；赾ookie值

65、針對(duì)具體用戶構(gòu)建頁(yè)面的情況尤其普遍。</p><p>　　2、頁(yè)面由頻繁改變的數(shù)據(jù)導(dǎo)出。</p><p>　　如果頁(yè)面需要根據(jù)每個(gè)具體的請(qǐng)求做出相應(yīng)的改變，當(dāng)然需要在請(qǐng)求發(fā)生時(shí)構(gòu)建響應(yīng)。但是，如果頁(yè)面周期性地改變，我們可以用兩種方式來(lái)處理它：周期性地在服務(wù)器上構(gòu)建新的頁(yè)面（和客戶請(qǐng)求無(wú)關(guān)），或者僅僅在用戶請(qǐng)求該頁(yè)面時(shí)再構(gòu)建。具體應(yīng)該采用哪種方式要根據(jù)具體情況而定，但后一種方式常常更為方便，

66、因?yàn)樗恍韬?jiǎn)單地等待用戶的請(qǐng)求。例如，天氣預(yù)報(bào)或新聞網(wǎng)站可能會(huì)動(dòng)態(tài)地構(gòu)建頁(yè)面，也有可能會(huì)返回之前構(gòu)建的頁(yè)面（如果它還是最新的話）。</p><p>　　3、頁(yè)面中使用了來(lái)自公司數(shù)據(jù)庫(kù)或其他數(shù)據(jù)庫(kù)斷數(shù)據(jù)源的信息。</p><p>　　如果數(shù)據(jù)存儲(chǔ)在數(shù)據(jù)庫(kù)中，那么，即使客戶端使用動(dòng)態(tài)Web內(nèi)容，比如applet，我們依舊需要執(zhí)行服務(wù)器端處理。想象以下，如果一個(gè)搜索引擎網(wǎng)站完全使用applet，

67、那么用戶將會(huì)看到：“正在下載50TB的applet，請(qǐng)等待！”。顯然，這樣很愚蠢；這種情況下，我們需要與數(shù)據(jù)庫(kù)進(jìn)行會(huì)話。從客戶端到Web層再到數(shù)據(jù)庫(kù)（三層結(jié)構(gòu)），要比從applet直接到數(shù)據(jù)庫(kù)（二層結(jié)構(gòu)）更靈活，也更安全，而性能上的損失很少甚至沒(méi)有。畢竟數(shù)據(jù)庫(kù)調(diào)用通常是對(duì)速度影響最大的步驟，因而，經(jīng)過(guò)中間層可以執(zhí)行高速緩存和連接共享。</p><p>　　理論上講，servelt并非只用于處理HTTP請(qǐng)求的Web

68、服務(wù)器或應(yīng)用服務(wù)器，它同樣可以用于其他類型的服務(wù)器。例如，servlet能夠嵌入到FTP或郵件服務(wù)器中，擴(kuò)展他們的功能。而且，用于會(huì)話啟動(dòng)協(xié)議服務(wù)器的servlet API最近已經(jīng)被標(biāo)準(zhǔn)化（參見(jiàn)http://jcp.org/en/jsr/detail?id=116）。但在實(shí)踐中，servelt的這種用法尚不流行，在此，我們只論述HTTP Servlet。</p><p>　　1.3 Servlet相對(duì)于“傳統(tǒng)”C

69、GI的優(yōu)點(diǎn)</p><p>　　和傳統(tǒng)CGI及許多類CGI技術(shù)相比，Java servelt效率更高、更易用、更強(qiáng)大、更容易移植、更安全、也更廉價(jià)。</p><p><b>　　1、效率</b></p><p>　　應(yīng)用傳統(tǒng)的CGI，針對(duì)每個(gè)HTTP請(qǐng)求都用啟動(dòng)一個(gè)新的進(jìn)程。如果CGI程序自身相對(duì)比較簡(jiǎn)短，那么啟動(dòng)進(jìn)程的開(kāi)銷會(huì)占用大部分執(zhí)行時(shí)間

70、。而使用servelt，Java虛擬機(jī)會(huì)一直運(yùn)行，并用輕量級(jí)的Java線程處理每個(gè)請(qǐng)求，而非重量級(jí)的操作系統(tǒng)進(jìn)程。類似地，應(yīng)用傳統(tǒng)的CGI技術(shù)，如果存在對(duì)同一CGI程序的N個(gè)請(qǐng)求，那么CGI程序的代碼會(huì)載入內(nèi)存N次。同樣的情況，如果使用servlet則啟動(dòng)N個(gè)線程，單僅僅載入servlet類的單一副本。這種方式減少了服務(wù)器的內(nèi)存需求，通過(guò)實(shí)例化更少的對(duì)象從而節(jié)省了時(shí)間。最后，當(dāng)CGI程序結(jié)束對(duì)請(qǐng)求的處理之后，程序結(jié)束。這種方式難以緩存計(jì)

71、算結(jié)果，保持?jǐn)?shù)據(jù)庫(kù)連接打開(kāi)，或是執(zhí)行依靠持續(xù)性數(shù)據(jù)的其他優(yōu)化。然而，servelt會(huì)一直停留在內(nèi)存中（即使請(qǐng)求處理完畢），因而可以直接存儲(chǔ)客戶請(qǐng)求之間的任意復(fù)雜數(shù)據(jù)。</p><p><b>　　2、便利</b></p><p>　　Servelt提供大量的基礎(chǔ)構(gòu)造，可以自動(dòng)分析和解碼HTML的表單數(shù)據(jù)，讀取和設(shè)置HTTP報(bào)頭，處理cookie，跟蹤會(huì)話，以及其他次類

72、高級(jí)功能。而在CGI中，大部分工作都需要我們資金完成。另外，如果您已經(jīng)了解了Java編程語(yǔ)言，為什么還有學(xué)校Perl呢？您已經(jīng)承認(rèn)應(yīng)用Java技術(shù)編寫(xiě)的代碼要比Visual Basic，VBScript或C＋＋編寫(xiě)的代碼更可靠，且更易重用，為什么還有倒退回去選擇那些語(yǔ)言來(lái)開(kāi)發(fā)服務(wù)器端的程序呢？</p><p><b>　　3、強(qiáng)大</b></p><p>　　Serv

73、let支持常規(guī)CGI難以實(shí)現(xiàn)或根本不能實(shí)現(xiàn)的幾項(xiàng)功能。Servlet能夠直接于Web服務(wù)器對(duì)話，而常規(guī)的CGI程序做不到這一點(diǎn)，至少在不使用服務(wù)器專有API的情況下是這樣。例如，與Web服務(wù)器的通信使得講相對(duì)URL轉(zhuǎn)換成具體的路徑名變得更為容易。多個(gè)servelt還可以共享數(shù)據(jù)，從而易于實(shí)現(xiàn)數(shù)據(jù)庫(kù)連接共享和類似的資源共享優(yōu)化。Servelt還能維護(hù)請(qǐng)求之間的信息，使得諸如會(huì)話跟蹤和計(jì)算結(jié)果緩存等技術(shù)變得更為簡(jiǎn)單。</p>

74、<p><b>　　4、可移植性</b></p><p>　　Servelt使用Java編程語(yǔ)言，并且遵循標(biāo)準(zhǔn)的API。所有主要的Web服務(wù)器。實(shí)際上都直接或通過(guò)插件支持servlet。因此。為Macromedia JRun編寫(xiě)的servlet，可以不經(jīng)過(guò)任何修改地在Apache Tomcat，Microsoft Internet Information Server，IBM We

75、bSphere 。iPlanet Enterprise Server。Oracle9i AS 或者StrNine WebStar上運(yùn)行。他們是java2平臺(tái)企業(yè)版的一部分，所以對(duì)servlet的支持越來(lái)越普遍。</p><p><b>　　5、廉價(jià)</b></p><p>　　對(duì)于開(kāi)發(fā)用的網(wǎng)站、低容量或中等容量網(wǎng)站的部署，有大量免費(fèi)或極為廉價(jià)的Web服務(wù)器可供選擇。因

76、此，通過(guò)使用servelt和jsp，我們可以從免費(fèi)或廉價(jià)的服務(wù)器開(kāi)始，在項(xiàng)目獲得初步成功后，在移植到更高性能或高級(jí)管理工具的昂貴的服務(wù)器上。這與其他CGI方案形成鮮明的對(duì)比，這些CGI方案在初期都需要為購(gòu)買專利軟件包投入大量的資金。</p><p>　　價(jià)格和可移植性在某種程度上是相互關(guān)聯(lián)的。例如，Marty記錄了所有通過(guò)電子郵件向他發(fā)送問(wèn)題的讀者的所在國(guó)。印度接近列表的頂端，可能僅次于美國(guó)。Marty曾在馬尼拉

77、講授過(guò)jsp和servlet培訓(xùn)課程，那兒對(duì)servelt和jsp技術(shù)抱很大的興趣。</p><p>　　那么，為什么印度和菲律賓都對(duì)這項(xiàng)技術(shù)著呢感興趣呢？我們推測(cè)答案可能分兩部分。首先，這兩個(gè)國(guó)家都擁有大量訓(xùn)練有素的軟件開(kāi)發(fā)人員。其次，這兩個(gè)國(guó)家的貨幣對(duì)美元的匯率都極為不利。因此，從美國(guó)公司那里購(gòu)買專用Web服務(wù)器會(huì)消耗掉項(xiàng)目的大部分前期資金。</p><p>　　但是，使用servle

78、t 和JSP，他們能夠從免費(fèi)的服務(wù)器開(kāi)始：Apache Tomcat。項(xiàng)目取得成功之后，他們可以轉(zhuǎn)移到性能更高、管理更容易，但需要付費(fèi)的服務(wù)器。他們的servelt和jsp不需要重寫(xiě)編寫(xiě)。如果他們的項(xiàng)目變得更龐大，他們或許希望轉(zhuǎn)移到分布式環(huán)境。沒(méi)有問(wèn)題：他們可以轉(zhuǎn)而使用Macromedia JRun Professional，該服務(wù)器支持分布式應(yīng)用。同樣，他們的servelt和jsp沒(méi)有任何部分需要重寫(xiě)。如果項(xiàng)目變得極為龐大，錯(cuò)綜復(fù)雜，

79、他們或許希望使用Enterprise JavaBeans來(lái)封裝他們的商業(yè)邏輯。因此，他們可以切換到BEA WebLogic或Oracle9i AS。同樣，不需要對(duì)servlet和jsp做出更改。最后，如果他們的項(xiàng)目變得更龐大，他們或許將他從Linux轉(zhuǎn)移到運(yùn)行IBM WebSphere的IBM大型機(jī)上。他們還是不需要做出任何更改。</p><p><b>　　6、安全</b></p&g

80、t;<p>　　傳統(tǒng)CGI程序中主要的漏洞來(lái)源之一就是，CGI程序常常由通過(guò)的操作系統(tǒng)外殼來(lái)執(zhí)行。因此,CGI程序必須仔細(xì)地過(guò)濾掉那些可能被外殼特殊處理的字符，如反引導(dǎo)和分號(hào)。實(shí)現(xiàn)這項(xiàng)預(yù)防措施的難度可能超出我們的想象，在廣泛應(yīng)用的CGI庫(kù)中，不斷發(fā)現(xiàn)由這類問(wèn)題引發(fā)的弱點(diǎn)。</p><p>　　問(wèn)題的第二個(gè)來(lái)源是，一些CGI程序用不自動(dòng)檢查數(shù)組和字符串邊界的語(yǔ)言編寫(xiě)而成。例如，在C和C＋＋中，可以分配

81、一個(gè)100個(gè)元素的數(shù)組，然后向第999個(gè)“元素“寫(xiě)入數(shù)據(jù)——實(shí)際上是程序內(nèi)存的隨機(jī)部分，這完全合法。因而，如果程序員忘記執(zhí)行這項(xiàng)檢查，就會(huì)將系統(tǒng)暴露在蓄意或偶然的緩沖區(qū)溢出攻擊之下。</p><p>　　Servelt不存在這些問(wèn)題。即使servelt執(zhí)行系統(tǒng)調(diào)用激活本地操作系統(tǒng)上的程序，它也不會(huì)用到外殼來(lái)完成這項(xiàng)任務(wù)。當(dāng)然，數(shù)組邊界的檢查以及其他內(nèi)存包含特性是java編程語(yǔ)言的核心部分。</p>

82、<p><b>　　7、主流</b></p><p>　　雖然存在許多很好的技術(shù)，但是，如果提供商助支持他們，或開(kāi)發(fā)人員不知道如何使用這些技術(shù)，那么它們的優(yōu)點(diǎn)又如何體現(xiàn)呢？servelt和jsp技術(shù)得到服務(wù)器提供商的廣泛支持，包括Apache，Oracle，IBM，Sybase，BEA，Maromedia，Causho，Sun/iPlanet，New Atlanta，ATG，F(xiàn)uj

83、itsu，Lutris，Silverstream，World Wide Web Consortinrm ，以及其他服務(wù)器。存在幾種低廉的插件，通過(guò)應(yīng)用這些插件，Microsoft IIS和Zeus也同樣支持servlet和jsp技術(shù)，它們運(yùn)行在Windows，Unix/Linus,MacOS,VMS，和IBM大型機(jī)操作系統(tǒng)之上。它們用在航空業(yè)、電子商務(wù)、在線銀行、web搜索引擎、門(mén)戶、大型金融網(wǎng)站、以及成百上千您日常光顧的其他網(wǎng)站。&l