JWS: The Java Webserver

2007/06/11, 0.31a - index.html substitution now working. Correct "Content-type:" header now returned. (More.)

2007/05/31, 0.3a - Modified to use a cachedThreadPool of dynamically created worker threads to process HTTP requests. (More on the Java threading APIs here for the morbidly curious.) Javadocs now made with -private so all methods are documented.

2007/03/28, 0.2a - Javadoc comments, much improved reply headers, error handling refactored, request GET method checking, System.err used, method names cleaned up.

2007/03/21, Initial

This is a minimal multithreaded webserver implemented in Java. Possibly useful for learning purposes. A test.html file is included for your testing convenience.

This code is distributed under the modified BSD license. Share and enjoy freely, just give credit where credit is due.

Source code: JWS.java

Javadocs: javadocs.html

Bugs:

• There is no security validation done on the incoming URL. A clever hacker might be able to construct a tricky URL that would allow them to view your /etc/passwd file. Never run your webserver as root! Always lock network-facing services inside a chroot() jail!
• There's probably a way to reuse myByteBuf so we're not constantly new'ing a 4k data structure. Thanks to the way the threadpool APIs work, no longer an issue. One runnable object per HTTP request.
• "try/catch hell" is annoying, and the file feels much too long. Refactored, somewhat better now.
• HTTP header fields are not parsed, nor are proper headers returned in the reply. Not even a "200 OK" or content-type message. Greatly improved headers now returned. (Should probably use URLConnection.getFileNameMap().getContentTypeFor() for content-type header.)
• Should check to make sure the first token provided by next() is a GET and not a POST. If POST, return a "501 Not Implemented" page in similiar fashion to the current 404. 403, 404, 500 and 501 implemented.