[MUSIC] We're going to walk thru a more complicated servlet that does a little bit more to actually extract parameters and validate them that are being sent by the client. So this servlet is moving towards the direction of building the video service that we've been talking about. So we're going to create a simple servlet, and walk through it here. That actually allows clients to send the metadata for videos, just the names and titles and durations. We're not talking yet about actually sending video data, but just the, the basic information to the server. So that it can store in a list, in memory, and then when's client send get request to the server, it can return a list of those videos. So let's take a look at how this actually works. So you can see here that we've got a project called video servlet. And within the project you want to take a look in the source main java folder and underneath this we'll see two important classes that we'll be using. The first one is a video object that we'll be using to store or represent the metadata in the videos. So let's open that object up and what we'll see is this is just a very straight forward Java class. It doesn't inherit from anything unusual or exotic. It's just a simple Java class that we're creating. And it has member variables to store the name of a video, the URL, and the duration of the video. And it takes those as constructor parameters and sets some values, and that's it. That's everything that's in this file. There's nothing else that's going on here, just a simple video object. So that's not as interesting. So let's take a look at the video servlet. So if you open up the video servlet, immediately we see something a little more interesting. And that is we got a class that actually extends. HGDP servlet, which is the base of classes that are going to be servlets. So it extends job at x dot servlet dot HGDP dot HGDP servlet. So there's the import, if you need it. And, as we discussed, this class is going to receive the HGDP requests that are coming in through the server. It's just like if we were building an application that could take arguments from the command line and receive those arguments and invocations from the command line. This is a class that has methods to receive commands that are being sent across the network as HTTP. So one of the first things that we see that we previously discussed is a do get method. And the do methods in a servlet, each one of them corresponds to one of the http request methods. So, this servlet is going to respond to two http request methods. It's going to respond to the get http request method and the post request method. Now, if we look at the code, what that means is we should see corresponding do get, and if we scroll down do post methods. So both of these are the handler methods that are going to be invoked on this class, when either a get or a post comes in. So, what's going to happen is, that the servlet container that's running our servlet. So we have our video servlet that's inside this servlet container. Is going to rout requests that come in, either to do post. Or doGet and all of this is going to be determined via the request method. [BLANK_AUDIO] That's what's going to determine this internal routing to which method is getting invoked. Now there's a second layer routing that's also going to happen and that's the selection of servlet to handle the request. And that's what we're going to see in a second when we look at the web.xml file in this project. So right now, all we're looking at is the internal handler methods within the servlet once it gets routed a request, that are going to decide how the server responds to that request. So let's look at the implementation of these methods. So the do get method is fairly straight-forward. The first thing we do, as we did in the simple servlet that we created is, we're going to set the output type. We're going to tell the, set the content type so that the client knows what we're going to be sending back to them. So in this case, we're just sending text plain back to the client, so that it knows how to display what we've got. Now, the second piece is, we're getting a prep writer again, and this is exactly the same thing that we did in the first simple servlet example. We created a prep writer that allows us to send data back to the client. So the print writer is being used to write data that's going back to the client. So our mobile client over here is getting data that's coming in to the print writer's write method. So, whenever printrider.rider's called, that's sending that data back here to the client. Also, the setContentType Method is going to be important because that's telling headers or providing headers that are going to be put into this request. So, when we call setContentType, we are providing headers. That are going to go back to the client as we saw. So this is how these methods are mapping into the requests that we're creating. Now, the actual bulk of the work of what this method is actually doing is down here in this For Loop at the bottom. We're looping over each video that we currently have added and have in memory. So, if we scroll up a little bit, we can see that this list of videos is simply a in memory array list. There's nothing fancy. We're not connected to a database, yet. And, we are looping over the list of videos in this, in this, a for loop right here, and then for each video we're simply writing out the name and the URL to the client. So this is just a simple loop that's outputting text that's being fed back to the client so that it can go and do something and read it. Now, this actual get method isn't that interesting. It's just a simple method, and it's doing something very similar to what we saw, in a simple, servlet that we, we looked at before. Now let's take a look at a more complex method in the due post. Because suddenly, we're going to start accepting more data from the client that we have to look at and actually validate carefully. So let's look at the work that we have to do in order to accept that data from the client and then validate it. So we go down to the do post method, the first thing we'll see here is that we're accepting or expecting to accept a series of parameters from the client. So in this case, we're expecting to receive name, URL, and duration parameters. And just like we did with get request, we can extract these parameters from the http request body. In this case, it's a post body that' being sent to this due post method with the get parameter method. Again, if the client is sending query parameters they can be extracted with get parameter. And if the client is sending, you know, url encoded body, parameters in the form body of a post, then we can also extract them with the get parameter method. So, we're extracting the values of the name, the URL and the duration keys that the client is sending to us. The next thing that we have to do is something that's making things getting a little more interesting. And that's, we're going to have to validate that one of the parameters that we're getting is the expected value. So in the prior example of sample servlet we expected that all of the data that the client was sending to us was just a string. And we didn't really care about what the content of it was cause we weren't doing anything with it, we were just echoing it back. In this example, what we're actually going to do is we expect one of the parameters to be a number. So, we have to validate that we're actually getting a number back that is a java long. So the first thing we do here is we're going to actually create a java long to store the value, and then we have to try to parse a long out of the string the client sent to us. So you can imagine this is important, because we don't want the client to be able to send garbage data to us for the long. If they make a mistake and send an invalid video duration to us, we want to be able to catch that and tell the client that they made a mistake. Similarly, if they're doing something malicious and sending us data that isn't actually a valid video duration, we don't want to have that data stored on our site. So, here, we have to actually go and check that we have received a correct duration. And, there's lots of, of checks that we could do for the duration. But in this case, the first thing we're going to do is, we're just going to check the format. The next thing that we do, but as we did before, is we're going to set the content type. So, I'm going to move on past that, down to where it starts getting more interesting. Because we're accepting data and there's the possibility, that the client might not have send us correct data, we have to use this if statement, to look at, all of the different parameters that the client's sent to us, and make sure they meet our expectations and format. We have to remember that we have no control over what the client sends us. The client can send any data it wants in its HTTP request. And this is a really important point to remember. Even if you are writing your own client, you should not write your server to expect that all of the data is correctly formatted, or non malicious. You always need to realize anybody can send an HTTP request across the method, anybody can prot, pretend do be your client, and send you arbitrary requests to your server. And so you have to be able to handle those arbitrary requests and make sure they're actually valid. So, as we see here, we're doing several different checks. One, we're checking that the name isn't null, that the url isn't null, and the duration string isn't null. And then we're checking that the actual link of the name, and the link of the url, if you strip out all of the white space. So that's what these trim methods do. Is they actually strip out all of the white space in the string, or as long as we would expect. So we're saying that we expect a URL to be at least 10 characters long. And then we're also going in checking that the duration that we got was at least a, a certain length. We're not expecting any durations that are zero, or less. Now we're actually doing some extra work that, now that I look at it could probably be eliminated. We could just check the duration here, and see if it's correct, but we're actually checking the string as well, but that could probably be eliminated. The key then, is that if any of these things are wrong, we need to tell the client that the client made a mistake. And the way that we do that is by sending the 400 response code back to the client which is essentially a bad request response code. So if the client has missed one of the parameters or provided an invalid value, we're going to send an HDP400 response code. And then as we see here in the second part we're going to provide the client sort of a nice hint as to what it did wrong. We're going to give it some information about the parameters, that we were expecting to see in the request. Now, you could make this fancy or not fancy, it's rally up to you. But the important thing is that, we're sending this 400 response code, which is telling the client that it made a bad request. If we get lucky, and we've gone through all of this work up here. So this is a lot of work, this is all the work that we're doing to extract the parameters from the request and validate that they're actually correct. So if we go through all of this work up there at the top, finally at the bottom we actually get to do some work. So most of this method is just extracting parameters that the client sent us, and validating that they meet our expectations. So if we go thru all of that work, down here at the bottom we finally get to construct a video object, which is what we're trying to do is take the client data and construct a video object. We get to add it to our list of videos, and then finally we can write back a message to the client saying hey, we added the video. So if you look at this video added method, er message, it's just a video added is the value of it. So this is just a constant we've defined up top. So this is a huge amount of work to actually do something simple. And that is to take a request from the client, take in the data they they provides us, construct a video object and add it to our list. A massive amount of work, is going into all of this parameter extraction and validation. Now, it makes sense, that we have to do some work here, because again, we always want to remember, the values that we're getting in an http request, they could be anything. We don't know what the client is sending us. So as a developer, of a web based service that's going to receive http requests, you always need to be diligent, to check the content that you're getting in any you know key value pairs that are encoded in a foreign body and any query string parameters and any headers. Anything else you're getting from the client, you must not trust it, you must validate it yourself and ensure that it's actually correct.
