ZimWeb Features
ZimWeb requires a TEMPLATE
parameter. It is not optional (see Parameter Template can be Specified for this Procedure).
Ability to Handle POST and GET Requests
ZimWeb can accept parameters via either a POST request or a GET request (with the parameters in the URL, which means you can bookmark a ZimWeb request or add a hyperlink).
Debug Information
If you supply the parameter DEBUG
in the request, you can see all sorts of useful details about the parameters, the http headers, etc., which can be very useful for debugging.
Note: Since exposing the debugging information to any client may pose a security hazard, the ability to debug a request can be enabled and disabled by the application administrator.
HTTP Session and Cookie Parameter Management
Note: When we refer to a client session, we are referring to the HTTP session, not the Zim Database Agent session.
ZimWeb allows you to control and access client session and cookie parameters.
For example, your ZimWeb application could set the client session parameter PASSWORD
to indicate a password that the user had supplied when they logged in. From that point, the parameter PASSWORD
, if referenced in the TEMPLATE
, would be supplied with that value, until the user exited their browser, the session timed out (which the application can control), or your application cleared the parameter or invalidated the session (i.e. they logged out from your Zim application).
Client session parameters do not cause the Zim Database Agent session to remain open, so your Zim Dabase Agents remain available between processing client requests.
Also, client session parameters are managed by ZimWeb and are not sent to the browser, which can be good from a security standpoint.
Similarly, your application could set a cookie parameter USERNAME
to the user’s name if, say, they check a “Remember me” box. Your application will then receive the USERNAME
parameter, which can be a reference in the TEMPLATE
, until the cookie expires (which the application can control) or the parameter is cleared.
In addition, ZimWeb allows you to specify that particular parameters which only comes from the HTTP session or cookies, by prefixing their names with the session
or cookie
respectively.
Access to Key Information About the Request
ZimWeb exposes key information about the request as parameters which can be included in your TEMPLATE
, these include:
- The PathInfo of the request is placed in the
PATHINFO
parameter. For example, say the ZimWeb servlet (ZII) is at the URL http:www.mycorp.com/ZII/servlet/ZII – if it receives a request for a URL relative to that e.g. http:www.mycorp.com/ZII/servlet/ZII/one/two, then thePATHINFO
parameter would be set to /one/two. - The URL of the request entered by the client (including any Pathinfo, but excluding any parameters) is placed in the
REQUESTURL
parameter. - If the client HTTP session is being tracked through a cookie (which it must be for HTTP sessions to function correctly), the parameter
SESSIONFROMCOOKIE
is set to1
, otherwise0
.
Support for Client Authentication by Different methods
ZimWeb provides support for client authentication in various different ways:
- If the client has been authenticated by the web server or servlet engine, their user name is placed in the
AUTHUSERNAME
parameter, and the authentication method (usuallyBASIC
) is placed in theAUTHTYPE
parameter. - The Zim application can force the client to authenticate itself using the
request-authentication:
command, and discover the (unauthenticated) user name and password of the client through theCLIENTUSERNAME
andCLIENTPASSWORD
parameters. - The Zim application can record the client’s authentication status in HTTP session parameters.
Control Over the Response
ZimWeb gives the Zim application control over the response sent back to the client, including the ability to:
- Redirect the client to a particular URL.
- Set how long the response can be cached by the client.
- Set the HTTP status or error code and message.
- Set arbitrary HTTP headers.
Improved Zim Session Control
ZimWeb includes options to improve the security of, and to simplify the use of, persistent Zim sessions:
- Improved security by preventing clients from starting sessions when the Zim application is not expecting this – this could be used to deny service by committing all the Zim Database Agents.
- Zim sessions can be placed under the exclusive control of the Zim application through the
start-zim-session
,end-zim-session
andcancel-zim-session
commands, coupled with disabling the input parameters previously used to control Zim sessions. - New or rewritten applications can manage Zim sessions through the HTTP session, eliminating the need to pass the
SESSIONID
parameter back and forth.
XML and XSLT Support
If your Zim application generates XML output, then it can request that an XSLT style sheet is applied to that XML to generate what is sent to the client (web browser, cellphone, etc.).
Also, the web request can indicate that a particular style sheet is required, overriding the style sheet specified by the Zim application. It can even request that no style sheet is used, returning instead the raw XML.
XSLT stylesheets are automatically compiled and cached in memory for maximum performance. The web-based administration tool allows you to see which XSLT stylesheets are cached, and also enables you to clear the cache, forcing the stylesheets to be reloaded, which is useful if you have changed the stylesheets.
There is no upper limit on the XSLT stylesheet cache size – if you run out of memory through caching stylesheets then you haven’t got enough memory to run your application efficiently.
Page Template Support
Some pages, particularly those designed by graphic artists etc., may not be convenient to turn into XSLT stylesheets (see XML and XSLT support).
ZimWeb includes page template support. A page template is just a regular page (HTML or XML), with parameter placeholders to indicate where each parameter to be supplied by the Zim application is to be placed. This template can be designed easily with your normal web page design tool.
The Zim application can then supply the parameters in an XML format. These parameters are combined with the template, with the result page being delivered to the client.
Just as with the XSLT processing, the templates are compiled into memory for maximum performance, and the request can specify an alternative, or even no page template.
XSL-FO Support
ZimWeb includes XSL-FO support – this allows the Zim application to render XSL-FO (Formatting Objects) – usually the result of XSLT processing, though it can be from a page template or even the unprocessed Zim agent output – into Adobe Portable Document Format (PDF) or Rich Text Format (RTF), so the application can deliver typeset output directly to the client’s browser.
Parameter Template can be Specified for the Procedure
When specifying which procedures can be run for a given connection, you can also specify the parameter template, eliminating the need the supply a TEMPLATE
parameter with the request.
Improved Zim Session Control
The Zim application can directly control the termination of a Zim session – i.e. whether a Zim Database Agent is dedicated to a particular client, or is released when a request has been processed. This is very useful in preventing “denial-of-service” to the Zim web application by holding open every available Zim database agent.
Of course, the ZII’s HTTP Session and Cookie Parameter Management eliminates much of the need to hold open the Zim session.
Ability to Start ZimWeb Automatically When Java Servlet Engine Starts
By setting “load-on-startup” for the ZimWeb servlet configuration (the file web.xml if you are using Tomcat), ZimWeb will automatically start, and create all the Zim Database Agent sessions, when the Java Servlet Engine starts.
Note: If the Zim Server is not available, the ZimWeb will start anyway, and you can start the Zim Database Agent sessions when Zim Server does become available with the web-based administration tool.
Administration Tools
ZimWeb has a web-based administration tool, which enables you to:
- Monitor, start and stop the Zim Database Agent sessions e.g. if you want to prevent access to the Zim application for maintenance purposes.
- Enable or disable client request debugging.
- See the value of the startup parameters.
- Monitor and clear the XSLT style sheet and page template caches (e.g. if you update your style sheets or page templates, they will not be read if the style sheet or page template is already cached in memory.)
In addition, ZimWeb includes a utility which enables you to perform these functions from the command line or automatically in scripts, scheduled tasks, etc.