All of which could be lived with, but, the deployment issues are just a show stopper. The client and server classes need to match up exactly once you get past client machines it becomes impossible to manage. Your opinion while no doubt entertaining doesn't answer the question, and the 'show stopper' issue you mention is not valid.
Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown.
The Overflow Blog. Podcast Explaining the semiconductor shortage, and how it might end. Does ES6 make JavaScript frameworks obsolete? Featured on Meta. Now live: A fully responsive profile. Linked 0. TinyHttpd looks for files relative to its current directory, so the pathnames you provide should be relative to that location.
Retrieved some files? Did you notice that when you retrieved an HTML file your web browser automatically generated more requests for items like images that were contained within it? The TinyHttpd application has two classes. The public TinyHttpd class contains the main method of our standalone application.
It begins by creating a ServerSocket , attached to the specified port. It then loops, waiting for client connections and creating instances of the second class, a TinyHttpdConnection thread, to service each request. The while loop waits for the ServerSocket accept method to return a new Socket for each client connection.
The Socket is passed as an argument to construct the TinyHttpdConnection thread that handles it. TinyHttpdConnection is a subclass of Thread. It lives long enough to process one client connection and then dies. After saving the Socket argument for its caller, it adjusts its priority.
On a time-slicing system, this is less important. After our object is constructed, its start method is invoked to bring the run method to life. First, we fetch an OutputStream for talking back to our client. This request is a single newline-terminated String that looks like the GET request we described earlier.
We then parse the contents of req to extract a filename. The next few lines are a brief exercise in string manipulation. We create a StringTokenizer and make sure there are at least two tokens. Then we take the next token which should be a filename , assign it to req , and check whether it begins with a forward slash. If so, we use substring to strip the first character, giving us a filename relative to the current directory.
Finally, we check to see if the requested filename looks like a directory name i. In these cases, we append the familiar default filename index. Once we have the filename, we try to open the specified file and load its contents into a large byte array. If all goes well, we write the data out to the client on the OutputStream. Then we return an appropriate HTTP error message. Finally, we close the socket and return from run , removing our Thread.
We do this so that we can specify the character encoding to use when converting to and from the byte representation of the HTTP protocol messages. For many purposes that may be correct, but in this case we are speaking of a well-defined international protocol, and we should be specific. An important problem with TinyHttpd is that there are no restrictions on the files it will serve.
With a little trickery, the daemon will happily send any file in your filesystem to the client. It would be nice if we could enforce the restriction that TinyHttpd serve only files that are in the current working directory or a subdirectory, as it normally does.
An easy way to do this is to activate the Java Security Manager. Normally, a security manager is used to prevent Java code downloaded over the Net from doing anything suspicious. However, the security manager will serve nicely to restrict file access in our application as well. As a happy bonus, the default file access security policy does just what we want: allows an application access to files in its current working directory and subdirectories.
So simply installing the security manager will provide exactly the kind of file protection that we wanted in this case. If it tries to, the security manager throws an exception and prevents access to the file. In that case, we should have TinyHttpd catch the SecurityException and return a proper message to the web browser.
TinyHttpd still has quite a bit of room for improvement. First, it consumes a lot of memory by allocating a huge array to read the entire contents of the file all at once. A more realistic implementation would use a buffer and send large amounts of data in several passes. Reading and sending the data iteratively would also allow us to handle the contingency where the first read does not return all of the data. In practice, this will not happen when reading from files, but the possibility is left open by the API and a responsible application should handle it.
Have fun with this example and you can learn quite a bit! The Java sockets API is a simplified interface to the general socket mechanisms. In a C environment, where all of the gory details of the network are visible to you, a lot of complex and sometimes esoteric options can be set on sockets to govern the behavior of the underlying protocols. Java gives us access to a few of the important ones. RMI vs. RMI, which makes extensive use of object serialization, can be expressed by the following formula:.
If you are familiar with RMI, you would know that developing distributed object-based applications in RMI is much simpler than using sockets. So why bother with sockets and object serialization then?
Tech Community Register Log in. FaceBook Share. For example, they can be used to set socket options, control address binding, control connection establishment such as to require authentication , and to control data encoding such as to add encryption or compression. When a remote object is exported, such as with the constructors or exportObject methods of java.
UnicastRemoteObject or java. Activatable , then it is possible to specify a custom client socket factory a java. RMIServerSocketFactory instance to be used when communicating remote invocations for that remote object. A client socket factory controls the creation of sockets used to initiate remote invocations and thus can be used to control how connections are established and the type of socket to use. A server socket factory controls the creation of server sockets used to receive remote invocations and thus can be used to control how incoming connections are listened for and accepted as well as the type of sockets to use for incoming connections.
The remote stub for a remote object contains the client socket factory, if any, that the remote object was exported with, and thus a client socket factory must be serializable, and its code may be downloaded by clients just like the code for stub classes or any other serializable object passed over a remote invocation.
0コメント