DS 435 -- Elliott Web Server Implementation </center>

5.9 updates:

Removed two checklist items referring to obsolete directory

Program Two Simple Multi-threaded Web Server

Overview:

In this program you will follow through the steps of capturing the http stream between existing clients and servers, and write a web server that supports this same protocol. It builds on the JokeServer, which application does much of the same work. While the text of the assignment is quite long, the application itself is quite straightforward, and you might be surprised at how easily it can be written.

There are four+ phases in the development process:

Capture the HTTP protocol first-hand by developing some hacking / debugging skills (hacking in the good sense).
Return simple, static files on request from a browser client.
Return dynamically created HTML (build a directory HTML page dynamically)
Accept FORM input from the user and do back-end processing on the server to return computed values in (simple!) dynamically-created HTML.
Add features of your own choosing, if you like.

See the MyWebServer Tips file for some suggestions once you get coding.

Run at port 2540 in the server directory!

In all cases these following specifications take precedence: The web server must run at port http://localhost:2540. It must, by default, serve files from the directory in which the web server is started, including dog.txt, cat.html, and lion.wml. The source code should be contained in a single, stand-alone file name MyWebServer.java.txt ready to compile and run. If you insist on (yes the more precise) use of packages, then there must be explicit, simple, step-by-step instructions on how to compile and start your web server. Subdirectories should be recursed from the default directory in which the server is started.

Special Security Note!!!!

I expect that you will find that this is not a particularly difficult assignment. If so, you will soon have a viable, running, webserver of your own creation. If you are developing on a machine that is also connected to the internet this means that you might well expose all of the files on your local machine (or any remote machine where you might be running) to evil hackers from around the world who are anxious to steal information from your files. In the worst case this information would allow them write access to your disk, and/or put financial/personal information in their hands. So -- be careful, hard-code into your server that you only return files from your root server directory of unimportant files, keep your firewall on, etc. Becareful about the "../.." form of URLS, which would allow someone to retrieve files from above your server's directory. For particularly sensitive machines you can always simply unplug your internet connection while running your server.

Administration:

Special note to ECT425 students: These instructions override all other submission instructions that may appear in this assignment:
1. Use standard .java file extensions for all Java files
2. Zip all your submission files together into one .zip file, and submit this to COL
3. Ignore any references to putting something in your "dark information directory" we do not have these for ECT425.
Submission files: MyListener.java.txt, MyWebServer.java.txt, http-streams.txt, serverlog.txt, [comments.html is optional]
Programs that do not conform to the submisson and structure rules will not be graded. Please do not ask for an exception to this policy.
This takes PRECEDENCE over any conflicting information: Your websever must, by default, serve directories, and files, from the directory in which it runs so that I can test it. If you want also to implement something more sophisticated, then use a flag in your code, but set the flag to the default directory for me before submitting.
Copy the checklist for this programming assignment. Fill it in carefully, and submit it to COL along with your programs and output.
Refer to the InetServer PDF document, and the lecture, for the basic program on which you build. Most of you will have completed this assignment, and extended it, well in advance of the MyWebServer program.

Capturing HTTP:

Copy your InetServer.java source (or your jokeserver) to a file called MyListener.java. Modify, and simplify, the code so that it simply displays everything sent to it on the server console. Have it send back a valid ascii-based response to the client, acknowledging receipt of the "request" ( but note that this is just some minor elegance, not really needed).
That is, if the client sends the message, "ABC Hello there in Server land! " then the server will display the message "ABC Hello there in Server land! " on the server console, and send some message such as "Got your request" back to the client.
You now have a simple "listener" program which echos all input on the server console .
If you want to be fancy, your MyListener program can, in addition to the console display, also send all of the information back to the client as HTML-formatted data. This is not required, and note that you will have to send back the corrent MIME type for HMTL: "Content-Type: text/html [cr/lf] [cr/lf]" (see below).
Start MyListener and connect to it with internet explorer as follows: (if you wish you can use another browser, but for simplicity in grading, your finished product must be compatible with IE). Make valid webserver requests of MyListener by entering URLS such as http://localhost:2566/~elliott/dog.txt, http://localhost:2566/~elliott/cat.html, and http://localhost:2566/~elliott/lion.wml. Notice, and record, what the browser sends your MyListener program in each case (it is displayed on the server console). This is the HTTP stream that the browser sends when it is requesting files from a web server. You have now hacked it.
Capture the output from MyListener into some file, for submission as part of the assignment.
Note that the port number is whatever you have chosen for your MyListener (where mine happened to be 2566 --- but note that 2540 is used for the MyWebServer program), and the namestring should be whatever the name is for your shrike account (where mine happens to be elliott). [Using your shrike acocunt name is not relevant to this step, because we are not having anything to do with the shrike here, but it will be important in future steps.]

For example, following the above procedure, while running my listener at port 2566, I get the following information for a request of dog.txt in the (hypothetical) root web server directory for elliott:

 
C:\dp\420\java>java MyListener

Clark Elliott's Port listener running at 2566.

GET /~elliott/dog.txt HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: localhost:2566
Connection: Keep-Alive

(Note: you may wish to experiment with "Connection: close" with your
webserver if you are having buffering problems.)

We are now going to use the HTTP stream we have just captured to manually retrieve files from a web server.
1. Log into the shrike and use an editor to create some VERY SIMPLE files dog.txt, cat.html and lion.wml. Optionally you can create the files elsewhere and use ftp to move them to your public_html directory. Dog and cat should be easy as an html file and a text file. You can use Lion.wml as an example wireless markup language file. [To make it easier to view, I changed to the .wml.txt extension. You should "view source" and save it as "lion.wml"]
2. Verify that the files are accessible from the web on shrike by retrieving dog and cat with a web browser.
3. Log into shrike, or some other unix machine, using telnet or ssh. Repeat the following steps until you are comfortable, then start a "script" session, or use emacs, or some other mechanism, to capture your output for later use.
4. Use the telnet program to manually enter into a dialog with the shrike, or some other, web server [you do not need to connect to the server where you are currently logged in]. I recommend working from a standard ssh-or-telnet/command shell session under unix, because under Windows the command shell will usually close when the web server disconnects, before you can get a look at your response. That is, we are *working* under a unix command shell through ssh or telnet as our working environment, and we also, incidentally, just *happen* to be working on the subject matter of telnet. [To say a different way: we are using ssh (or telnet, possibly) to LOG IN to a unix system, and then, next, FROM THERE, are going to use telnet to speak to a web server. You might ask, why not simply use a command window from Windows and run telnet from there to the web server? The answer is that the default telnet under windows does not typically display all of the information we want to capture. So, we first log in to a unix system to use the unix version of telnet (which DOES display everything we want), and, as it happens, we use telnet, or ssh, to do so.] In addition, we are working on the shrike for convenience, and just happen to be connecting to the web server that is running on shrike, because that is where we put our files. However, we could just as easily work on hawk.depaul.edu, and manually get files from the web server at www.cnn.com.
  You will connect at port 80 instead of the default telnet port of 23, because you want to talk to the web server, instead of the telnet server.
  Do this by entering the shell command,
```
telnet students.depaul.edu 80
```
  The shrike web server is now waiting for input from you.
5. Enter the valid HTTP request stream that you captured using your listener, for retrieving the file dog.txt from a web server. Note that you will have to be careful to include all of the necessary information, including carriage return / linefeeds (cr/lfs), and that you will have to make changes as needed for the different server. You could probably use cut and paste if you were clever, but unless you do this many times it is probably not worth it.
  Hint: some of the information, such as the "Accept" and "User-Information" info is not needed by the web server, and you can find this through experimentation.
If you enter the HTTP correctly the web server will now send your requested file back to you as an ascii stream response to your telnet client. If you enter it incorrectly you will still usually get some kind of valid response, albeit one containing an error message.

Here is a sample session, yours will be similar, but may differ in some of the details (for example, I am not using the shrike web server):

 
students> script

students> telnet condor.depaul.edu 80

GET /~elliott/dog.txt HTTP/1.1
Host: condor.depaul.edu:80

[Elliott note: two carriage return / linefeeds (crlfs)  go here.]

and we get back the response something like the following:

 
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2005 18:09:38 GMT
Server: Apache/2.0.53  HP-UX_Apache-based_Web_Server (Unix) PHP/4.3.8
Last-Modified: Fri, 16 Sep 2005 18:08:50 GMT
ETag: "5e1c1-2f-7c517080"
Accept-Ranges: bytes
Content-Length: 47
Content-Type: text/plain

This is Elliott's dog file on condor and hawk.
Connection closed by foreign host.

students>[control-d]  [your session is stored in a file called typescript]

Put this captured output into a file for submission with the assignment.
So, in summary: Create the simple files dog.txt, cat.html, and lion.wml in your home web directory. Verify that they can be reached from the web. Retrieve your files manually using telnet to port 80.
You have now captured both the request coming from a web client, and the response coming from a web server. Ta-duh.

Modify your MultiThreaded server so that it becomes a simple web server.

Goal: Your web server must correctly return requests for files with extensions of .txt, .html, and .wml. This means that it must return the correct MIME headers (That is, the Content-type (followed by two cr/lf), and Content-length headers), as well as the data. This is a server that operates on static data.

Copy your MyListener.java source into a file called MyWebServer.java.
Copy over your files dog.txt, cat.html, and lion.wml to your local machine where you are developing your web server, for later use.
Using the manual responses you captured from the web server (see above), which contains ALL of the information that the web server sends back to a client, including, specifically the MIME type information (Content type) and content length, modify your listener so that it becomes a valid web server by sending back a valid ascii stream, including headers, to the web client.

In practice you need not send back all of the responses. You WILL want to include:

HTTP/1.1 200 OK
Content-Length: 47  [Where 47 is changed to the real length of the data --
     but note that you might make initial tests by just setting this value high]
Content-Type: text/plain  [Where text/plain might also be: text/html, text/vnd.wap.wml]

[followed by two carriage return / linefeeds (crlf), and then the data.]

The following end of line hints might be useful:

 static final byte[] EOL = {(byte) '\r', (byte) '\n'};

or:

outstream.writeBytes("Content-Type: " + ConType + "\r\n\r\n");

or:

outstream.print("\r\n\r\n");



 Configure your sever so that it sends back the correct MIME type
headers for .txt, .html, and .wml files [text/plain, text/html, and
text/vnd.wap.wml, respectively].

 Download and install the  phone
 browser  (a simulated cell phone) to see that your .wml files are
 returned correctly. Note: I *strongly* recommend that you use this older,
 out-of-date, version for our small project because it is about 1/10th the
 size of the current version, and yet meets all our needs. Note: this is
 about a fifteen second installation. Type the URL of your web server .wml
 file into the phone browser, and see if it works. You may need to clear the
 cache from time to time, and/or reboot the phone browser if it gets
 confused. Tip: if you have a real web-enabled cell phone, your server will
 serve these files to it. Try it!

 Use your MyListener, and the telnet trick, for debugging as needed.

Extend your server to include directories:

Goal: Extend your server so that it sends back dynamically constructed data: in this case the HTML-formatted current contents of a directory. This is now a server that operates on dynamic data.

See the ReadFiles.java program for hints on how to read the contents of a directory in Java. [Note: a directory is simply a more-or-less regular file that contains the names of other files in it, along with some associated information.]
Modify your webserver so that it correctly returns a promiscuous display of the server's directory as requested by the client. Note that you may want to include some security here, since you WILL be writing a valid, albeit simple, web server. For example, you might want to restrict access to a certain subdirectory of where the server is running.
1. The first step is to simply send back an ascii (txt) listing of the files in the directory, along with a text/plain MIME header, and the length of your data.
2. The second step is to send back some kind of formatted HTML with a text/html MIME header.
3. The third step (really not that hard) is send back the names of the files as hot-link references such that "clicking-on" them in the browser will cause your server to send back the contents of that file.

Using your telnet http hack, see what a regular server sends back as an html listing of hot-links for files. For example, for the condor.depaul.edu request "GET /~elliott/420/.xyz/" condor sends back the following:




[...]
<h1>Index of /~elliott/420/.xyz</h1>
<pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D">Name</a>                    <a href="?C=M;O=A">Last modified</a>      <a href="?C=S;O=A">Size</a>  <a href="?C=D;O=A">Description</a><hr><img src="/icons/back.gif" alt="[DIR]"> <a href="/~elliott/420/">Parent Directory</a>                             -   
<img src="/icons/text.gif" alt="[TXT]"> <a href="first-file.txt">first-file.txt</a>          16-Sep-2005 14:09   39   
<img src="/icons/text.gif" alt="[TXT]"> <a href="second-file.html">second-file.html</a>        16-Sep-2005 14:09   67   
<img src="/icons/text.gif" alt="[TXT]"> <a href="third-file.wml">third-file.wml</a>          16-Sep-2005 14:09  222   
<img src="/icons/folder.gif" alt="[DIR]"> <a href="z-directory/">z-directory/</a>            16-Sep-2005 15:08    -   
</pre>

Which displays as:


Index of /~elliott/420/.xyz
 Name                    Last modified      Size  Description
 Parent Directory                             -   
 first-file.txt          16-Sep-2005 14:09   39   
 second-file.html        16-Sep-2005 14:09   67   
 third-file.wml          16-Sep-2005 14:09  222   
 z-directory/            16-Sep-2005 15:08    -

We can simplify this as follows:


<pre> 

<h1>Index of /~elliott/420/.xyz</h1>

<a href="/~elliott/420/">Parent Directory</a> <br>
<a href="first-file.txt">first-file.txt</a> <br>
<a href="second-file.html">second-file.html </a><br>
<a href="third-file.wml">third-file.wml</a><br>
<a href="z-directory/">z-directory/</a><br>

Which displays as:

 

Index of /~elliott/420/.xyz

Parent Directory 

first-file.txt 

second-file.html 

third-file.wml

z-directory

Lastly, modify the return from your server so that it sends back links to subdirectories as subdirectory hot links, if you have not already done so. The only hard part is identifying a file as a directory, and typically you can look for a trailing slash ("/").
For some browsers, and browser settings, you may have some difficulties with the directories -- e.g., you might have to send your request twice. Remember that you may be able to capture your request, and use MyListener as a debugger. Also, you might want to experiment with: Connection: Keep-Alive / Connection: close.
Also, you may want to experiment with socket.close() method if your browser is not displaying the data but all else is working.
150 line web server may be of some background use.
You should now have a relatively complete, working, web server, that can recurse subdirectories, and return correct MIME types for three different types of files. Because it is multi-threaded it should be able to handle many hundreds of requests. Good work!

Server-Side scripting and program execution.

Goal: So far everything we have done is relatively straightforward. In this section we add back-end programming capability to your server, or at least simulate it. We create a simple addnums web form , accept input from a user, pass this to our webserver, process the information, and return a computed response based on the input.

For those who are more ambitious, here is a starting link on java's JNI, which allows us to call native code, by loading it into the virtual machine, and then running it. Sun JNI example. In this way we might write programs that actually run arbitrary scripts/programs under the web server.

Alternatively, for those writing in C, the "system()" function will execute any executables as subprocesses, making the running of programs and scripts trival. Note: be very security conscious of running user-input shell commands with the "system()" call, because, e.g., they might have you execute a command to erase all of your files!

Neither method is required. Instead, to keep the programming scope reasonable, we will only simulate the running of back-end scripts. CGI (the Common Gateway Interface) has been around since the beginning of the web, so there are thousands of references on how to use it such as these CGI notes which seem to date from about seven years ago.

Use the given web form that accepts a name and two numbers. On the "action" statement, using the GET method, call a program with the extension ".fake-cgi" with a URL that points to your MyWebServer program. E.g., you might have...
```
<FORM METHOD="GET" ACTION="http://localhost:2566/cgi/addnums.fake-cgi">
```
...which would suggest that you have a script in the /cgi subdirectory of your server, named addnums.fake-cgi that will handle the input from the current HTML form.
Note: Although method = POST is more common, GET is a little simpler, and will suit our needs just fine.
In your webserver, note that the file extension is .fake-cgi. Instead of looking for a file with this extension as you would for .txt and .html treat the input to the server as input to a script. In a regular server you would follow the rules of the Common Gateway Interface (hence CGI) to call a script or executable, and pass it the input. In our case we will simply handle the input in our server itself.
Use your MyListener program to see what the browser is sending when the form is submitted. Note where attribute-value pairs (for num1, num2, and person) are located. Design your method for parsing the input from what the browser is sending you. For exmple, for form-input of "Matilda," and the numbers 4 and 5, you would expect the following to show up in your input stream:
```
 

GET /cgi/addnums.fake-cgi?person=Matilda&num1=4&num2=5 HTTP/1.1
```
Parse the input according to the rules of CGI for GET.
Call a method addnums() in your server to handle the input and return the HTML formatted output to the client, using the correct MIME type, content-length, etc. Note that you must be careful that the working memory for each invocation of addnums() is distinct from all other invocations. Your multi-threaded server may be processing many requests at once.
Send back an HTML page that returns the user's name and also the sum of the two numbers. E.g., "Dear Matilda, the sum of 4 and 5 is 9."
For debugging purposes, always remember that you can send the form to your MyListener program to see exactly what the browser is sending you.

Tu-duh! You have now built a multi-threaded web server that can handle files, directory traversals, and server-side scripting (of sorts).

What you turn in

Capture the HTTP stream from a client using your MyListener Program. Capture the HTTP stream from a server using telnet and something like script, emacs, etc. to capture the text. Concatenate this together, add some brief header comments about what the file contains, and put it in a file called http-streams.txt.
Produce simple "debugging" console output from your webserver showing a series of connections that have been made, what the request string is (dumping the first, informative, characters of the GET request is fine --- no editing needed), and the file names that were returned. Rough output is fine, just showing the general working of your server. Then remove the debugging output if you like. Or, you can produce a log file if you wish. Put the text of this log in a file serverlog.txt.
Concatenate the source code for your server into a file MyWebServer.java.txt (whatever language you wrote it in). Note that I will need to be able to compile and run your program locally, which I often, but not always, do. So, make sure you give me the running version of your source!
Put the source code for your MyListener into a file MyListener.java.txt
Put all the above files in the appropriate directories in the "mywebserver" subdirectory of your dark directory, such that the links from the checklist point to them.
Fill in your checklist.html file representing what you have done.
Collect all of the files into a .zip file, and submit to COL before the due date. Note: for java ALWAYS zip up the .java.txt files, not the .java files.
Good work!

Bragging rights (not required):

Store the MIME types in a table of MIME types and file extensions. Read the table in when the server starts, and also again, while the server is running, if a file extension is not recognized. This way, adding a new MIME type is as simple as adding an entry in your table, and putting files with that extension in your directory.
Bragging rights: HTTP has components for storing cookies on the client through the browser. Implement this, and write a small application that shows this interaction with your server such that the cookie is sent back to the server by the browser on a later invocation.
Bragging rights: implement a security policy for your server. This can become major bragging rights, depending on how far you go.
Major bragging rights: Implement all of the above using HTTPS as well as HTTP. (Note: this is hard.)
Major bragging rights (not recommended): Implement true, if limited, CGI capability by spawing subprocesses to execute back-end programs in real scripting languages. But note: this is actually quite simple if you write your webserver in a native language like C, or PERL, which supports the direct spawning of shell processes on the local machine.