【正文】 or even a pressed format like gzip that is layered on top of some other underlying format. But, HTML is by far the most mon format, so an important servlet/JSP task is to wrap the results inside of HTML. 5． Send the implicit HTTP response data. Figure 11 shows a single arrow going from the Web middle layer (the servlet or JSP page) to the client. But, there are really two varieties of data sent: the document itself and the behindthescenes HTTP information. Again, both varieties are critical to effective development. Sending HTTP response data involves telling the browser or other client what type of document is being returned (., HTML), setting cookies and caching parameters, and other such tasks. Why Build Web Pages Dynamically? many client requests can be satisfied by prebuilt documents, and the server would handle these requests without invoking servlets. In many cases, however, a static result is not sufficient, and a page needs to be generated for each request. There are a number of reasons why Web pages need to be built onthefly: 1． The Web page is based on data sent by the client. For instance, the results page from search engines and orderconfirmation pages at online stores are specific to particular user requests. You don39。re already convinced that Java technology makes for more reliable and reusable code than does Visual Basic, VBScript, or C++. Why go back to those languages for serverside programming? 3． Powerful Servlets support several capabilities that are difficult or impossible to acplish with regular CGI. Servlets can talk directly to the Web server, whereas regular CGI programs cannot, at least not without using a serverspecific API. Communicating with the Web server makes it easier to translate relative URLs into concrete path names, for instance. Multiple servlets can also share data, making it easy to implement database connection pooling and similar resourcesharing optimizations. Servlets can also maintain information from request to request, simplifying techniques like session tracking and caching of previous putations. 4． Portable Servlets are written in the Java programming language and follow a standard API. Servlets are supported directly or by a plugin on virtually every major Web server. Consequently, servlets written for, say, Macromedia JRun can run virtually unchanged on Apache Tomcat, Microsoft Inter Information Server (with a separate plugin), IBM WebSphere, iPla Enterprise Server, Oracle9i AS, or StarNine WebStar. They are part of the Java 2 Platform, Enterprise Edition (J2EE。 Servlet 的工作是執(zhí)行西門的任務(wù)，如圖 所示 。 （ 2） 讀取由瀏覽器發(fā)送的隱式請求數(shù)據(jù)。 （ 3） 生成結(jié)果。即使它能夠做到這一點(diǎn)，為了安全上的考慮，我們也不希望讓它這么做。 這個文檔可以用各種格式發(fā)送，包括文本（ HTML 或 XML），二進(jìn)制（ GIF圖），甚至可以式建立在其他底層格式之上的壓縮格式，如 gzip。但是，實(shí)際發(fā)送的數(shù)據(jù)有兩種：文檔本身，以及后臺的 HTTP 信息。然而，許多情況下靜態(tài)的結(jié)果不能滿足要求，我們需要針對每個請求生成一個頁面。要記住，用戶提交兩種類型的數(shù)據(jù)：顯示（即 HTML 表單的 數(shù)據(jù)）和隱式（即 HTTP 請求的報頭）。 如果頁面需要根據(jù)每個具體的請求做出相應(yīng)的改變，當(dāng)然需要在請求發(fā)生時構(gòu)建響應(yīng)。 頁面中使用了來自公司數(shù)據(jù)庫或其他數(shù)據(jù)庫斷數(shù)據(jù)源的信息。從客戶端到 Web 層再到數(shù)據(jù)庫（三層結(jié)構(gòu)），要比從 applet 直接到數(shù)據(jù)庫（二層結(jié)構(gòu)）更靈活，也更安全，而性能上的損 失很少甚至沒有。而且，用于會話啟動協(xié)議服務(wù)器的 servlet API 最近已經(jīng)被標(biāo)準(zhǔn)化（參見 servelt 的這種用法尚不流行，在此，我們只論述 HTTP Servlet。而使用servelt， Java 虛擬機(jī)會一直運(yùn)行，并用輕量級的 Java 線程處理每個請求，而非重量級的操作系統(tǒng)進(jìn)程。最后，當(dāng) CGI 程序結(jié)束對請求的處理之后，程序結(jié)束。而在CGI 中，大部分工作都需要我們資金完成。多個 servelt 還可以共享數(shù)據(jù)，從而易于實(shí)現(xiàn)數(shù)據(jù)庫連接共享和類似的資源共享優(yōu)化。實(shí)際上都直接或通過插件支持 servlet。 Oracle9i AS 或者 StrNine WebStar 上運(yùn)行。這與其他 CGI 方案形成鮮明的對比，這些 CGI 方案在初期都需要為購買專利軟件包投入大量的資金。Marty 曾在馬尼拉講授過 jsp 和 servlet 培訓(xùn)課程，那兒對 servelt 和 jsp 技術(shù)抱很大的興趣。因此，從美國公司那里購買專用 Web服務(wù)器會消耗掉項(xiàng)目的大部分前期資金。如果他們的項(xiàng)目變得更龐大，他們或許希望轉(zhuǎn)移到分布式環(huán)境。因此，他們可以切換到 BEA WebLogic 或Oracle9i AS。 安全 傳統(tǒng) CGI 程序中主要的漏洞來源之一就是， CGI 程序常常由通過的操作系統(tǒng)外殼來執(zhí)行。例如，在 C 和 C＋＋中，可以分配一個 100 個元素的數(shù)組，然后向第 999 個 “元素 “寫入數(shù)據(jù) ——實(shí)際上是程序內(nèi)存的隨機(jī)部分，這完全合法。當(dāng)然，數(shù)組邊界的檢查以及其他內(nèi)存包含特性是 java 編程語言的核心部分。 當(dāng)然，僅僅是流行并不能證明技術(shù)的優(yōu)越