The present invention relates generally to a computer method and system for invoking methods, and more specifically, to a method and system of invoking methods of a server object over the Internet.
The Internet comprises a vast number of computers interconnected so that information can be exchanged among the computers. Various protocol and other interface standards have been developed for the Internet so that each computer will understand information of the other computers. The World-Wide Web (xe2x80x9cWWWxe2x80x9d) is a subset of the Internet computers that support the Hypertext Transfer Protocol (xe2x80x9cHTTPxe2x80x9d). HTTP is an application-level protocol for distributed, collaborative, hyper-media information systems that defines the format and contents of messages and responses sent between client programs (xe2x80x9cclientsxe2x80x9d) and server programs (xe2x80x9cserversxe2x80x9d) over the Internet. In addition, HTTP is a generic, stateless, object-oriented protocol which can be used for many other tasks, such as name servers and distributed object management systems, through various extensions.
The Internet facilitates information exchange between servers and clients that are located throughout the world. Each computer on the Internet has a unique address (e.g., xe2x80x9cacme.comxe2x80x9d). When a client wishes to access a resource (e.g., document), the client specifies a Uniform Resource Locator (xe2x80x9cURLxe2x80x9d) that uniquely identifies the computer on which the server executes and the resource. An example of a URL is xe2x80x9chttp://acme.com/page1.xe2x80x9d In this example the server is identified by xe2x80x9cacme.comxe2x80x9d and the resource is identified by xe2x80x9cpage1.xe2x80x9d The URL has two parts: a scheme and a scheme-specific part. The scheme identifies the high-level protocol through which the information is to be exchanged, and the scheme-specific part contains additional information that identifies the server computer and the resource. The xe2x80x9chttpxe2x80x9d at the beginning of the example URL is the scheme and indicates that the remainder of the URL should be interpreted according to HTTP. The remainder specifies a server computer (e.g., xe2x80x9cacme.comxe2x80x9d) followed by additional information that is specific to the server. For example, the additional information may be a path name within the server computer to a Hypertext Markup Language (xe2x80x9cHTMLxe2x80x9d) document.
HTTP is based on a request/response paradigm. An HTTP message consists of a request from a client sent to a server and a response sent from the server to the client. A client sends a request to the server in the form of a request line comprising a method (e.g., xe2x80x9cGETxe2x80x9d) and a URL, optionally followed by a request header that allows the client to pass additional information about the request, a general header that allows a client to specify optional behavior that can be performed by the server, and an entity header and entity body that allow the client to send arbitrary information that is understood by a server. The server responds with a status line indicating status of the request (e.g., success or fail) followed by a response header that allows the sever to send additional information to a client, and a general header, entity header, and entity body that is analogous to those sent in the request. The request line of an HTTP request begins with a method token followed by a request URL. HTTP defines three request line methods that include xe2x80x9cget,xe2x80x9d xe2x80x9chead,xe2x80x9d and xe2x80x9cpost.xe2x80x9d HTTP further defines extension methods. The status line of an HTTP response includes a status code and a user readable reason phrase that indicates the status of the request. The headers generally contain a list of fields that include a field name, a colon, and a field value.
HTTP has been extended to permit a client to specify that a computer program is to be executed by the server. Two such extensions are the Common Gateway Interface (xe2x80x9cCGIxe2x80x9d) and the Internet Server Application Programming Interface (xe2x80x9cISAPIxe2x80x9d). CGI defines a sub-protocol of HTTP for running external software or gateways under a server in a platform-independent manner. A URL in an HTTP request specifies not only the protocol and server computer, but also a script, a behavior of the script, and parameters to pass to the script. When a server using CGI receives a URL, it recognizes that the client is requesting that a script be invoked. The server parses the information from the HTTP request and stores the information in xe2x80x9cenvironment variables.xe2x80x9d For example, an environment variable named xe2x80x9cscript_namexe2x80x9d contains the name of the script to be executed, and the environment variable named xe2x80x9ccontent_lengthxe2x80x9d contains the length of the entity body attached to the request. The server also invokes the specified script. The executing script can then request the various environment variables to be supplied by the server. Although the CGI and ISAPI protocols specify the format and semantics of executing a computer program at servers, they do not specify how to implement such server or scripts.
Because a client can specify a program to execute, there is a possibility that a client may request execution of a program for which it is not authorized or that may cause serious problems on the server computer. For example, if a client sends to a server a file that contained a program to erase a disk drive and requests that it be stored on the server computer. The client might then request that the server execute that file, which would result in erasure of the disk drive. Although servers could be developed to ensure that no such programs can be executed, currently typical servers do not provide such assurances. It would be desirable to have a mechanism that would allow existing servers to provide such assurances.
The present invention provides a method and system for invocation by a client program of a function of an object of an object class through a server program executing on a server computer system. The server program receives a request sent from the client program that identifies a shim script, an object class, and a function of the object class. In response to receiving the request, the server program loads and transfers control to the identified shim script. When an object of the identified object class does not exist, the shim script instantiates an object of the identified object class. The shim script then invokes the identified function of the instantiated object. The invoked function performs its behavior, creates a response to be sent to the client program, and sends the response to the client program. The response contains state information describing a state of the object after the behavior of the function is performed. The client program can send this state information when invoking another function of the object. The object can then be initialized to this state information to allow continued processing where it left off. In one embodiment, the server program and the shim script supports an Internet Server Application Programming Interface (xe2x80x9cISAPIxe2x80x9d) protocol. To avoid excessive overhead of instantiating objects, the shim script maintains a reference to the object so that upon receiving a subsequent request from a client program to invoke a function of an object of the identified object class, the referenced instance of the object can be used without instantiating a new object of the identified object class.
In another aspect, the present invention provides a method and system for modifying messages being transferred between a client program and a server program. The system defines a template having command lines that specify a command to perform on a message. The system performs the command of each command line of the template on the message to generate a shadow message. For each line in the shadow message, the system then determines whether the line contains a parameter and performs a behavior associated with the parameter. The parameters can be either a substitute parameter or a function parameter.
When the parameter is a substitute parameter, the system replaces the parameter with a value. When the parameter is a function, the system invokes a function associated with the parameter to modify the message. The message can either be a Hypertext Transfer Protocol (xe2x80x9cHTTPxe2x80x9d) request or an HTTP response. After the parameters are processed, the resulting message is processed by an HTTP client or server.