Squeak Web Server
|
|
Introduction
This is a web server for Squeak, implemented entirely inside Squeak. Its purpose is to make Squeak a web-based OODBMS/object server/application server (pick your name). Some of its features are
- user authentication
- forms support
- transaction logging for image roll forward in case of a crash
- per user undo facility
- nightly housekeeping operations
Note: Currently this is not a full fledged HTTP 1.0 server, namely
- no support for simple requests (nobody sends them anyway)
- any request that is not POST is treated as GET
Principles of Operation
URLs
The server handles URLs of the form 'objectId.message'
. Additional parameters delimited by dots may be appended.
Since OOP's are not fixed in Squeak the web server maintains its own objectId's. There are two kinds of them
- automatic
These are numeric and generated on demand. They are purged nightly to avoid garbage accumulation (Squeak has no weak references). These URL's should not be bookmarked.
- manual
These are alphabetic and managed by the system administrator. They represent the 'official' entrypoints and thus may be bookmarked.
Message is always a single parameter keyword message (with the trailing colon omitted) with the parameter describing the request.
The corresponding method must be in the Category "HTML Reply" to be accepted otherwise a "400 Bad Request" message is returned. The same reply is triggered by any execution error.
Authentication
The WWW-Authenticate: Basic
mechanism is used.
It is up to the individual HTML-generating method to use the authentification information to decide whether the request is legitimate or how to customize the response. Utility methods provide for the RFC 1421 encoding of username/password combinations and mapping them to application defined 'user' objects.
Forms
Forms information is extracted to a dictionary with the field names as keys and the field data as values. Multivalued fields (multiple selection lists, checkbox groups) return an array of values.
Transaction Log
The log contains information to rerun all requests in case of a crash. Since this includes username/password information the log has to be kept as secure as the image itself. To guarantee (approximately) accurate timestamps when rolling forward Time has been augmented with a 'Bias' class variable. All senders of Time>primSecondsClock
must be modified to apply the bias (Time dateAndTimeNow
and Time>totalSeconds
in the standard image).
Undo
Undo is implemented by creating undo objects holding receiver, message, and parameters. It is the responsibility of the request (form) processing methods to build these objects. Only the (n) newest undo objects are kept, furthermore they are purged during the night. Every user sees only her/his undos.
Implementation Notes
- String constants
- Some string constants are stored in the pool dictionary TextConstants.
TextConstants at: #HttpAuthorize
- You may want to use a different realm.
WebRequest>getReply
- Use the name of your local proxy server or eliminate the first line if you don't care.
WebRequest>noProxy
- Write about your own proxy policy (if you have one, see
WebRequest>getReply
).
WebRequest>robots
- Insert your robot policy.
WebRequest>title
- Adjust the header to your local needs.
WebRequest>getReply
- Adjust the page footer to your local needs.
Source code
Get WebServer.st and miscChanges.st and file them into a 1.21 image. Execute WebRequest serveOnPort: 8080 loggingTo: 'test.log'
. Then load the URL http://your.server:8080/Server.demo
in your favorite web browser.
Notes on version 0.1.1:
- The code has been tested by loading into a virgin 1.21 image on the Mac. Let me know whether it works on other platforms.
- The example implements a very simple class hierarchy browser, demonstrating forms and authentication.
- Username/passwort for stopping the server is "manager"/"squeak".
- Running both Squeak and the browser on the same machine gave halting performance on my Mac.
- You might experience some freezes or crashes. Whether due to bugs in the socket primitives or misuse on my side, I do not know.
- Sometimes the server seemes to be deaf. Aborting and retrying the request at the browser side usually corrects this.
- Image roll forward and undo are not yet implemented.
Feel free to contact me if you have any comments or questions.
Georg Gollmann, Dept.
Systems Support (IU),
19.8.1997