SYBEX Index
Java
™
2 Web Developer
Certification Study Guide
Natalie Levi; Philip Heller
Index
Copyright © 2002 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic or other record, without the prior agreement and written permission of the publisher. ISBN: 0-7821-4091-2
SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the USA and other countries.
TRADEMARKS: Sybex has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer. Copyrights and trademarks of all products and services listed or described herein are property of their respective owners and companies. All rules and laws pertaining to said copyrights and trademarks are inferred.
This document may contain images, text, trademarks, logos, and/or other material owned by third parties. All rights reserved. Such material may not be copied, distributed, transmitted, or stored without the express, prior, written consent of the owner.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturers. The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to
performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.
Sybex Inc.
1151 Marina Village Parkway Alameda, CA 94501 U.S.A.
Phone: 510-523-8233 www.sybex.com
Index
Note to the Reader: Page numbers in bold indicate the principle discussion of a topic or the definition
of a term. Page numbers in italic indicate illustrations.
A
absolute paths, 365, 476
access lists, 238, 476
ACTION attribute, 7
action tags, 330–345,See also JSPs attributes of, 345
creating lists of attributes for, 396–397 defined, 330, 476 jsp:fallback sub-tag, 335 jsp:forward, 331–332 jsp:include, 330–331 jsp:param, 335–336 jsp:params sub-tag, 335 jsp:plugin, 333–335 jsp:useBean application scope, 338 attributes, 337–338 beanName, 338 class name, 338 class type, 338 defined, 336 id name, 337
versus Java classes, 336–337 jsp:getProperty, 342–345 jsp:setProperty, 336, 339–342, 341, 441 page scope, 337 request scope, 337–338 session scope, 338 steps in, 339 overview of, 345, 357 warnings, 331, 332 antivirus software, 240, 241 application objects, 322, 476 application scope, 326, 326, 338, 476 application servers, 4, 413, 413, 476,
See also Business Logic tier; Server tier
applications. See web applications attackers, 234, 241
attributes, See also HTML of action tags jsp:getAttribute tag, 344 jsp:include tag, 331 jsp:param tag, 336 jsp:plugin tag, 333–334 jsp:setProperty tag, 341–342 jsp:useBean tag, 337–338 overview of, 345 attribute methods in HttpSession objects, 67–68, 137–140, 215, 218 HttpSessionAttributeListener, 139–141 HttpSessionBindingEvent, 142 ServletContext, 127–129 ServletContextAttributeEvent, 134–135 ServletContextAttributeListener, 134 changes to, 141 context attributes, 126–129, 271, 285–287, 290, 478
versus context parameters, 126, 129 creating lists of for actions, 396–397 defined, 126, 476
for dynamic error pages, 176 error, setting, 180–181 of errors, 187–188 of FORM tag, 7 getAttribute(…) method, 56–57 getAttribute() method, 127–128 of INPUT tag, 8 of JSP custom tags defined, 362
494 auditing user roles – button controls
defining scope of, 396–399, 397
linking to JSPs, 398 pageContext and, 398–399 sample listing, 371
using via setXXX(…) method, 395
<tag>, 369 <taglib>, 363–364 validating, 398 of JSP pages, 317–321 names, predefined, 128 quotes around, 12
scope, of implicit objects, 326–328, 326–328
of ServletContext, 126, 128, 129, 141 setAttribute(…) method, 56–57, 127,
128–129
web application, defining, 126–127 auditing user roles, 237–240
authentication methods, See also security BASIC method, 241, 242–246, 242, 258 CLIENT-CERT method, 242, 251–254, 252, 258 defined, 236, 476 DIGEST method, 242, 249–251, 249–250, 252, 258 FORM method, 241, 246–249, 247 in JAAS API, 236
using nonce values, 249–250, 250
authorization, 235, 235–236, 476
Automatic Code Generated DAO strategy, 430,
476
B
base class, 391, 476
BASIC authentication, 241, 242, 242–246, 258 Basic DAO strategy, 428–429
BMP (Bean Managed Persistence), 428 body content, 23, 24, 362, 477
BodyTag interface, See also JSP custom tags
bodyContent object, 381–385, 385, 387, 389 constants, 387 defined, 381 defining in TLD, 386–387 doAfterBody() method, 385, 387, 389 doInitBody() method, 381, 385, 387 getBodyContent() method, 384 getEnclosingWriter() method, 382–384, 385 life cycle, 385, 386 methods, 381–386, 385–386 overview of, 373, 373, 390 sample listing, 387–390 setBodyContent(…) method, 381, 385, 386, 387 BodyTagSupport class, 358, 373, 390, 393–395
Botanical Market scenario, 102–103
Business Delegate pattern, See also Web tier design patterns
advantages, 436–437
Business Delegate layer, 435, 477 business services and, 435, 436
caching client results, 435–436 defined, 434–435,436, 477
Delegate Adapter strategy, 436, 479 Delegate Proxy strategy, 436, 479 disadvantages, 436, 437
intercepting server-side exceptions, 435 naming and lookup services, 435
Business Logic tier, 3–4, 4, 302, See also J2EE; Server tier
business objects, 427, 427, 428, 477
business services, 435,436, 477
button controls, See also HTML FORM tag basic buttons, 11
radio buttons, 12–13 reset buttons, 11 submit buttons, 10–11
caching client results – containers 495
C
caching client results, 435–436
CAs (certificate authorities), 253, 254, 477 CGI (Common Gateway Interface), 301 checkbox control, 11–12
CHECKED attribute of INPUT tag, 8, 477 class variables, 271, 277–280, 279–280,
290, 477
ClassCastException, 338, 339 ClassLoader
loading /WEB-INF classes, 99 loading servlets, 69 client certificates certificate authorities, 253, 254, 477 defined, 251 digital certificates, 251, 253–254 digital signatures, 251–253, 252 information in, 253 overview of, 254 private keys, 251–252, 252 public keys, 251–254, 252 client requests. See requests Client, Web. See Presentation tier
CLIENT-CERT authentication, 242, 251–254,
252, 258
client-server security, 235, 235 client-viewable files, 96, 101–102 clustering. See distributable environments CMP (Container Managed Persistence), 428 code syntax. See DTDs; HTML; JSP COLS attribute of TEXTAREA tag, 15 conditional GET method, 26, 477 conditional statements, 312, 314–315 config objects, 323, 477, See also
ServletConfig config scope, 326, 327, 327 connection pools creating, 130–131 defined, 130 defining in web.xml, 132–133 using, 132–133
containers, 122–165, See also directory structure defined, 4, 68, 478
distributable environments and benefits, 146 container support, 148–149 defined, 145–146, 480 deployment descriptor, 147–148 design rules, 146–147 HttpSession objects, 147, 149 instance variables, 146 listener classes, 149 servlet access, 147 ServletContext, 147, 149 static variables, 146 synchronization, 147 exam essentials, 157–159 filters and chaining, 153 creating, 151–154 defined, 150 deployment descriptor, 154–155 example, 153–154 initialization parameters, 154 life cycle, 150–151, 150 mapping to servlets, 154–155 mapping to URL patterns, 155 methods, 152–153
naming, 154
HttpSession objects, See also HttpSession attribute changes, 141
attribute methods, 137, 138, 139–140 creating, 135–136, 135
creating session data, 136, 136 defined, 135, 482
in distributable environments, 147, 149 getSession() method, 138–139
HttpServletRequest class and, 137, 138 HttpSessionActivationListener, 142–143 HttpSessionAttributeListener, 139–141
496 content type – deadlocks HttpSessionBindingEvent, 140–142 HttpSessionBindingListener, 144–145 HttpSessionEvent, 138–139 HttpSessionListener, 137–139 methods, 137–139, 142–145 real world scenario, 145
using session data, 136–137, 136 sessionCreated() method, 137, 138 sessionDestroyed() method, 137–138, 139 sessionDidActivate() method, 142, 143 session.getID() method, 138
sessionWillPassivate() method, 142–143 shopping cart example, 135–136,
135–136
valueBound() method, 144 valueUnbound() method, 144, 145 implicit mapping and, 98
key terms, 159
overview of, 122, 155–156 review question answers, 164–165 review questions, 160–163
ServletContext objects, See also context; ServletContext attribute methods, 127–129, 134–135 attributes, 126, 128, 129, 141 defined, 122–123 listener classes, 129–134 methods, 74–76, 123–131, 134–135 ServletContextAttributeEvent, 134–135 ServletContextAttributeListener, 134 ServletContextEvent, 133–134 ServletContextListener, 129–133 warnings, 124, 133
content type, 47, 111, 478, See also body content context, See also directory structure;
ServletContext attributes, 126–129, 271, 285–287, 290, 478 context objects, 123, 478 context path defined, 64, 65, 478
in mapping URLs to servlets, 97–98, 107– 109, 109 overview of, 104, 105 warning, 97 <context> tag, 104, 105, 107 <context-param> tag, 104, 105, 124, 322 context-relative paths, 365, 478 defined, 95, 96, 123, 478 defining with JRun, 96 examples, 96–97 parameters, 124, 126, 129, 322 Tomcat and, 96 warning, 97 when initialized/removed, 132 controllers, 438, 438–441, 440, See also MVC
controls. See HTML FORM tag cookies
adding to responses, 66, 211, 212–213 creating, 211
defined, 211, 478
getting via requests, 66, 212, 213–214 custom tags. See JSP custom tags
D
Data Access Object (DAO) pattern,
See also Web tier design patterns
advantages, 433–434
Automatic Code Generated DAO, 430 Basic DAO, 428–429
business objects and, 427, 427, 428 data access objects, 427–428, 427, 478 defined, 427, 427–428, 479
disadvantages, 434 EIS transactions and, 427 Factory for DAO, 430–433, 481 JDBC API and, 426
sample listing, 429
vendor dependent code and, 426–427 data integrity, 236–237
databases, 4, See also EIS deadlocks, 275
declarations – DTDs 497
declarations, 309–311, 329, 479 declarative security, 237–238, 240, 479 default mapping, 98, 479
Delegate Adapter strategy, 436, 479 Delegate Proxy strategy, 436, 479 DELETE method, 32, 479
deployment descriptors. See DTDs
design patterns. See Web tier design patterns destroy() method, 73, 78–79 DIGEST authentication, 242, 249–250, 249–251, 252, 258 digests, 249, 249–250, 479 digital certificates, 251, 253–254, 479 digital signatures, 102, 251–253, 252, 479 directives, See also JSPs
defined, 315–316, 479 implicit objects in, 329 include directives, 316–317 page directives, 317–320 taglib directives, 320–321, 490
directory structure, See also containers; context; web applications
/META-INF directory and, 101–102 /WEB-INF layer, 95–96, 98–99, 492 client-viewable files, 96, 101–102 context layer, 95–98
overview of, 95–96
real world scenario, 102–103 sample layout, 102
web archive files and, 99–101
distributable environments, See also containers benefits, 146 container support, 148–149 defined, 145–146, 480 deployment descriptor, 147–148 design rules, 146–147 HttpSession objects, 147, 149 instance variables, 146 listener classes, 149 servlet access, 147 ServletContext, 147, 149 static variables, 146 synchronization, 147 doAfterBody() method, 385, 387, 389 doEndTag() method, 359, 385, 389 doInitBody() method, 381, 385, 387 doStartTag() method, 359, 385 doXXX(…) request methods, See also
HttpServlet doXXX defined, 44–45 doDelete(…), 49–50 doGet(…), 46–47 doHead(…), 49 doOptions(…), 50 doPost(…), 48 doPut(…), 48–49 doTrace(…), 51 overview of, 45, 73
DTD (document type definition), 105, 480 DTDs (deployment template descriptors),
See also JSP defined, 70, 103 distributable, 147–148 error-code, 175–176, 177, 179 error-page, 175–176, 177, 186 exception-type, 186–187 filter, 154–155 listener, 132–133 location, 176, 177 for security auth-constraint, 238, 244, 245, 257 auth-method, 245, 257 in BASIC authentication, 243–246 description, 246 in FORM authentication, 248–249 form-error-page, 248, 249, 257 form-login-config, 248–249, 257 form-login-page, 248, 249, 257 http-method, 244–245, 257 login-config, 245–246, 248, 257 overview of, 256–257 realm-name, 246 in role-based security, 237–238, 240 role-name, 238, 246, 257
498 dynamic error pages – exception handling security-constraint, 237–238, 243–245, 256 security-role, 246 url-pattern, 238, 244, 245, 256 web-resource-collection, 237–238, 244, 256 web-resource-name, 238, 244, 256 for web applications
?xml, 105 context, 104, 105, 107 context path, 104, 105, 108, 109 context-param, 104, 105 docbase, 105, 108, 109 !DOCTYPE…, 105 init-param, 106–107 mime-mapping, 110–111
sample listings of, 70–71, 103–105 servlet, 106–107, 277 servlet-mapping, 107–109, 109 session-config, 109, 110, 221 session-timeout, 110, 221 url-pattern, 107–109, 109 web-app, 105 welcome-file-list, 111–112
dynamic error pages, 176–179, 186–188, 480
E
EEI (Educational Edge Inc.) scenario, 145 EIS (Enterprise Information Systems) tier, 3, 4,
427, 480
EJBs (Enterprise Java Beans), See also Server tier defined, 3, 4, 413, 480 entity beans, 413–414, 414 session beans, 415–416, 415 encoding characters, 58–59 encoding URLs, 209–211 encrypting passwords, 250
encryption, public key, 236–237 entity beans, 413–414, 414, 480 Entity Inherits Value Object strategy,
421–422, 480
ePayroll Inc. scenario, 444–445 error handling. See exception handling events defined, 133, 480 HttpSessionBindingEvent, 142 HttpSessionEvent, 138–139 ServletContextAttributeEvent, 134–135 ServletContextEvent, 133–134 exact mapping, 97, 480
exam answers, practice, 469–474 exam questions, practice, 456–468 exception handling, 168–196
error attributes, 187–188 using error pages
DTD tags for, 175–176, 177, 186 dynamic custom pages, 176–179,
186–188, 480
server-generated pages, 171–174 for specific error codes, 171–181 for specific exception types, 186–188 static custom pages, 175–176, 186 ErrorServlet class, 177, 178, 186 exam essentials, 189–190 exception objects, 325, 480 exception scope, 326 exceptions, defined, 168, 481 JSP exceptions ClassCastException, 338, 339 IllegalArgumentException, 342 IllegalStateException, 332 InstantiatedException, 339 NullPointerException, 344 key terms, 190
logging error messages, 181–182 overview of, 168, 189
Exotic Birds Inc. scenario – getID() method 499
custom error pages to clients, 175–179
default error pages to clients, 171–174 HTTP errors, 171–174
of non-errors, 174 overview of, 168–169
passing errors to other servlets, 179–181
raw text messages to clients, 169–171 by RequestDispatcher, 179–181 using sendError(…), 171–173,
181, 182
using setStatus(…), 173–174 stack trace messages to clients, 182 problems, listed, 46
real world scenario, 185–186 review question answers, 195–196 review questions, 191–194 server-side, intercepting, 435 servlet exceptions IllegalStateException, 173, 222 overview of, 182–183 RuntimeException, 182–183 ServletException, 72, 73, 182–185
Throwable objects and, 183, 184, 187, 188, 325
UnavailableException, 72, 73, 183, 184–185
Exotic Birds Inc. scenario, 79 expressions, 311–312, 328, 481 extension mapping, 98, 481
F
Factory for DAO strategy, 430–433, 481 filters, See also containers
chaining, 153 creating, 151–154 defined, 150, 481 deployment descriptor, 154–155 example, 153–154 initialization parameters, 154 life cycle, 150–151, 150 mapping to servlets, 154–155 mapping to URL patterns, 155 methods, 152–153 naming, 154 firewalls, 241, 481 first-person penalty, 307, 481 FORM authentication, 241, 246–249, 247
FORM tag. See HTML FORM tag forms, 5–6, 7, 481 forward actions, 331–332, 481 forward(…) method, 76–78, 281, 282
G
GenericServlet class javax.servlet.GenericServlet, 306 log file methods, 181ServletConfig and, 69, 123
GET method, See also HTTP request methods advantages, 25
conditional GET, 26, 477 defined, 25, 482
disadvantages, 25
doGet(…) method and, 46–47 examples of use, 26–28 versus HEAD method, 31 as idempotent, 25 partial GET, 26, 486 versus POST method, 28, 30
“get” method of value objects, 416, 419 getAttribute action, 344
getAttribute() method, 56–57, 127–128 getBodyContent() method, 384
getEnclosingWriter() method, 382–384, 385 getID() method, 138
500 getInitParameter() method – HTTP client requests getInitParameter() method, 105, 124, 125, 131 getLocale() methods, 58 getMaxInactiveInterval(…) method, 221–222 getMimeType() method, 125 getName() method, 135 getNamedDispatcher(…) method, 74–75 getParameter(…) method, 53–55 getPathInfo() method, 64, 205, 208–209 getProperty action, 342–345, 482 getRequestDispatcher() method, 74–76, 125 getResource() method, 125 getResourceAsStream() method, 125–126 getServletContext() method, 71, 123, 133, 135 getServletName() method, 71 getSession() method, 138–139, 215 getValue() method, 135
getXXX() methods, entity beans and, 414
H
hackers, 234, 241, 482 HEAD method, 31–32, 482 header request methods, 59–62 header response methods, 62–63 headers in responses, 23, 23–24 hidden comments, 308–309, 482 hidden HTML values, 9–10, 199–202, 202, 482 HTML FORM authentication, 241, 246–249, 247
HTML FORM tag, See also Presentation tier ACTION attribute, 7
defined, 7–8 INPUT controls
basic button control, 11 checkbox control, 11–12 CHECKED attribute, 8, 477 controls, defined, 7–8, 478 hidden controls, 9–10, 199–202, 202 MAXLENGTH attribute, 8, 484 NAME attribute, 8 password control, 9 radio button control, 12–13 reset button control, 11 SIZE attribute, 8, 489 SRC attribute, 8
submit button control, 10–11 text field control, 9
TYPE attribute, 8–13, 490 VALUE attribute, 8, 10, 491 METHOD attribute, 7 SELECT control defined, 13 MULTIPLE attribute, 14 NAME attribute, 14 OPTION attribute, 13 overview of, 7–8 TEXTAREA control COLS attribute, 15 defined, 14 overview of, 7–8 ROWS attribute, 15 WRAP attribute, 15
HTML (Hypertext Markup Language),
See also JSPs
defined, 5, 482 forms, 5–6, 7, 481 tags
defined, 6–7
versus Java applets, 6 overview of, 2, 6–7 when to use, 6
HTTP client requests, See also Presentation tier; requests body, 19, 22 categorizing, 18, 19 defined, 5, 5, 18, 18 empty lines, 22 headers, 19–22, 19 overview of, 2, 4, 4 request lines, 19, 19
HTTP (Hypertext Transmission Protocol) – HttpSession objects 501
HTTP (Hypertext Transmission Protocol) BASIC authentication, 241, 242–246, 242, 258 defined, 17–18, 18, 482 DIGEST authentication, 242, 249–251, 249– 250, 252, 258 overview of, 2 sessions and, 198–199, 220
HTTP request methods, 24–33, See also HttpServlet doXXX defined, 24–25 DELETE method, 32, 479 GET method advantages, 25 conditional GET, 26, 477 defined, 25, 482 disadvantages, 25
doGet(…) method and, 46–47 examples of use, 26–28 versus HEAD method, 31 as idempotent, 25 partial GET, 26, 486 versus POST method, 28, 30 HEAD method, 31–32, 482 OPTIONS method, 32, 485 overview of, 2 POST method advantages, 28 defined, 28, 486 disadvantage, 28
doPost(…) method and, 48 example, 28–30
versus GET method, 28, 30 security, 28, 30
PUT method, 30–31, 32 TRACE method, 32–33, 490
HTTP server responses, See also Presentation tier; responses body, 23, 24 categorizing, 22, 23 defined, 5, 5, 18, 18, 22, 23 headers, 23–24, 23 images in, 24 overview of, 2, 4, 4 status lines, 23, 23 HTTPS Client authentication, 242, 251–254, 252, 258
HttpServlet doXXX(…) request methods,
See also HTTP request methods;
Servlet model
content type and, 47 defined, 44–45 doDelete(…), 49–50 doGet(…), 46–47 doHead(…), 49 doOptions(…), 50 doPost(…), 48 doPut(…), 48–49 doTrace(…), 51 error handlers, 46 overview of, 45, 73 parameters, 46 signatures, 45
HttpServletRequest objects, See also requests; Servlet model defined, 52, 52, 59 extracting cookies, 66, 212, 213–214 handling, 72, 73 parameter methods, 46, 59 path elements context path, 64, 65 overview of, 63 path info, 64–65, 205, 208–209 servlet path, 64, 65
request header methods, 59–62 user information methods, 239 virtual path translations, 65–66
HttpServletResponse objects, See also responses; Servlet model
adding cookies to, 66, 211, 212–213 defined, 52, 52, 59
header response methods, 62–63 sendError(…) method, 171–173 setStatus(…) method, 173–174
HttpSession objects, See also containers; Servlet model; sessions
502 idempotent – initializing servlets attribute changes, 141 attribute methods, 67–68, 137–140, 215, 218 attributes, thread-safe, 284–285, 285 configuring, 109–110 creating, 135–136, 135 creating session data, 136, 136 defined, 66, 135, 482
in distributable environments, 147, 149 getSession() methods, 215
HttpServletRequest class and, 137, 138 listener classes HttpSessionActivationListener, 142–143 HttpSessionAttributeListener, 139–141 HttpSessionBindingEvent of, 140–142 HttpSessionBindingListener, 144–145, 218–219 HttpSessionEvent of, 138–139, 224 HttpSessionListener, 137–139, 219–220, 224 methods, 218–219 methods, 67, 137–139, 142–145 overview of, 68, 214–215 real world scenario, 145
sample listings, 215–216, 217–218 ServletContext and, 216–217 using session data, 136–137, 136 session ID method, 68
session IDs in, 214
shopping cart example, 135–136, 135–136 warning, 215
I
idempotent, 25, 482 IllegalArgumentException, 342 IllegalStateException, 173, 222, 332 images in responses, 24 immutable variables, 276, 483 implicit mapping, 98implicit objects, See also JSPs
application objects, 322 application scope, 326, 326 config objects, 323, 477 config scope, 326, 327, 327 in declarations, 329 defined, 322, 483 in directives, 329 exception objects, 325, 480 exception scope, 326 in expressions, 328 life cycle of, 328–329
out objects, 325, 381–383, 485 out scope, 326 overview of, 304, 305, 330 page objects, 325 page scope, 326, 327, 327 pageContext objects, 323 pageContext scope, 326 request objects, 324 request scope, 326 response objects, 324 response scope, 326 scope attributes, 326–328, 326–328 in scriptlets, 329 session objects, 324–325 session scope, 326, 327, 328 Tag interface and, 377–378 include action, 330–331, 483 include directives, 316–317 include(…) method, 75–76, 281 indexed properties, 344 initialization parameters for context, 105, 124, 125, 131 for filters, 154 for servlets, 70–71, 106–107
initializing servlets, See also Servlet model deployment descriptors and, 70 using init(…) method, 69 using init() method, 69–72
using init-param tags, 70–71, 106–107 overview of, 69, 72
INPUT tag – JSP custom tags 503
ServletConfig object and, 69–72 ServletContext method and, 71 ServletName method and, 71 web.xml files and, 70–71 INPUT tag. See HTML FORM tag instance variables
defined, 483
distributable environments and, 146
thread safety in, 271, 273–276, 274–275, 280,
280, 290
InstantiatedException, 339 International Phone Card Inc.
scenario, 345 intruder detection, 241
Investments Inc. scenario, 223–224 IP (Internet Protocol), 17 iPlanet server, 173, 177 isolation level, 425, 483 IterationTag interface, 372–373, 373, 378–381, 379, 390, 391 iterative statements, 312, 314, 315
J
J2EE (Java 2 Enterprise Edition) model,
See also Presentation tier; Web tier
Business Logic tier, 3–4, 4, 302 defined, 3–5, 4–5, 412, 413 EIS tier, 3, 4, 427, 480 overview of, 2
security model, 235–236, 235 Server tier, 412–416, 413–415
JAAS (Java Authentication and Authorization Service), 236
JAR (Java archive) files, 99–101, 483 Java applets versus HTML tags, 6 JavaBeans
defined, 336, 483
versus enterprise beans, 344 versus Java classes, 336–337
JDBC (Java Database Connectivity), 426 JNDI (Java Naming and Directory
Interface), 131 jRun server, 96, 177 JSP custom tags, 357–409
attributes
creating lists of for actions, 396–397 defined, 362
defining scope of, 396–399, 397 linking to JSPs, 398
pageContext and, 398–399 sample listing, 371
using via setXXX(…) method, 395 of <tag>, 369 of <taglib>, 363–364 validating, 398 body content, 362, 477 BodyTag interface bodyContent object, 381–385, 385, 387, 389 constants, 387 defined, 381 defining in TLD, 386–387 doAfterBody() method, 385, 387, 389 doInitBody() method, 381, 385, 387 getBodyContent() method, 384 getEnclosingWriter() method, 382–384, 385 life cycle, 385, 386 methods, 381–386, 385–386 overview of, 373, 373, 390 sample listing, 387–390 setBodyContent(…) method, 381, 385, 386, 387 defined, 357–358, 478 doEndTag() method, 359, 385, 389 doStartTag() method, 359, 385 exam essentials, 400–402 interface support classes
base class in, 391, 476
BodyTagSupport, 358, 373, 390, 393–395
504 JSPs (Java Server Pages) – JSPs (Java Server Pages) overview of, 390 TagExtraInfo, 390, 395–399, 397 TagSupport, 373, 390, 391–393 interfaces BodyTag, 373, 373, 381–390, 385–386 hierarchy, 373, 373 IterationTag, 372–373, 373, 378–381, 379, 390, 391 overview of, 372–373 Tag, 358, 372–378, 373, 376 key terms, 402 mapping to via DTDs, 360–361, 361, 363–366 MyJspPage.jsp and, 358, 361 MyTagName.class and, 358 names, 362 nested tags, 362, 382–384, 385, 392–393 outer tags, 382 overview of, 399
pageContext objects and, 374, 378, 381, 383, 398–399
prefixes, 321, 362, 363–364 real world scenario, 371–372 required components, 358 review question answers, 408–409 review questions, 403–407 sample listings, 358–359, 364–365, 366–367, 371 suffixes, 362 <tag>, 360, 368–371 Tag interface constants, 375 defined, 372 hierarchy, 373, 373
implicit objects and, 377–378 life cycle, 376, 376
methods, 374–376 overview of, 358 sample listing, 376–377
tag library descriptors, See also TLDs defined, 490 general tags, 367 locating, 360–361, 363–366 optional tags, 368 required tags, 367 taglibName.tld, 358 TLD resource path, 365, 490 tag values, 391–392, 490 <taglib> defined, 320–321 using in JSP pages, 360–361, 363–364 mapping to, 359–361, 361, 363–366 prefix attribute, 363–364 taglib-location tag, 363, 364, 365–366 taglib-uri tag, 363, 364, 365–366 using in TLD files, 366–368 uri attribute, 363
using in web.xml files, 358–361, 364–366 JSPs (Java Server Pages), 301–353, See also
HTML; Presentation tier action tags, See also jsp:useBean
attributes of, 345 defined, 330 jsp:fallback sub-tag, 335 jsp:forward, 331–332 jsp:include, 330–331 jsp:param, 335–336 jsp:params sub-tag, 335 jsp:plugin, 333–335 jsp:useBean, 336–345 overview of, 345, 357 warnings, 331, 332 attributes of, 317–321
communicating with servlets, 441–443 defined, 3, 4, 4
directives
defined, 315–316, 479 implicit objects in, 329 include directives, 316–317 page directives, 317–320 taglib directives, 320–321 elements declarations, 309–311, 329 defined, 321 directives, 315–321, 329 expressions, 311–312, 328, 481 hidden comments, 308–309
JSPs (Java Server Pages) – JSPs (Java Server Pages) 505 overview of, 308 scriptlets, 312–315, 329 exam essentials, 346–347 exceptions ClassCastException, 338, 339 IllegalArgumentException, 342 IllegalStateException, 332 InstantiatedException, 339 JspException, 375 NullPointerException, 344 HttpJspPage interface, 306, 306 implicit objects application objects, 322 application scope, 326, 326 config objects, 323, 477 config scope, 326, 327, 327 in declarations, 329 defined, 322, 483 in directives, 329 exception objects, 325, 480 exception scope, 326 in expressions, 328 life cycle of, 328–329
out objects, 325, 381–383, 485 out scope, 326 overview of, 304, 305, 330 page objects, 325 page scope, 326, 327, 327 pageContext objects, 323, 378 pageContext scope, 326 request objects, 324 request scope, 326, 327, 328 response objects, 324 response scope, 326 scope attributes, 326–328, 326–328 in scriptlets, 329 session objects, 324–325 session scope, 326, 327, 328 including custom tags in, 320–321 including static files in, 316–317, 331 jsp:useBean action application scope, 338 attributes, 337–338 beanName, 338 class name, 338 class type, 338 defined, 336 id name, 337
versus Java classes, 336–337 jsp:getProperty, 342–345 jsp:setProperty, 336, 339–342, 341, 441 page scope, 337 request scope, 337–338 session scope, 338 steps in, 339 JSP model, 301–302, 302, 483 JspPage interface, 306, 306 key terms, 347 life cycle first-person penalty, 307 jspDestroy() method, 306, 308, 311 jspInit() method, 306, 307, 311 _jspService(…) method, 306, 307, 308, 324 overview of, 303 sample listing, 303–305 servlet inheritance hierarchy,
305–306, 306 steps in, 307–308, 307 warning, 306
overview of, 346, 357, 483 real world scenario, 345
review question answers, 352–353 review questions, 348–351 scriptlets conditional statements, 312, 314–315 versus declarations, 313–314 defined, 312 disadvantage, 315 implicit objects in, 329
iterative statements, 312, 314, 315 JSP syntax, 312–313
_jspService(…) method and, 312, 313 XML syntax, 313
versus servlets, 4, 302–303, 302–303 using <taglib> in, 360–361, 363–364 XML syntax for
506 JspWriter class – MVC (Model View Controller) pattern jsp:directive.include, 316 jsp:directive.page, 320 jsp:expression, 311 jsp:scriptlet, 313 JspWriter class, 325, 330, 381–384, 385, 394 JVMs (Java Virtual Machines), 142
K
keys defined, 483 private keys, 251–252, 252, 486 public keys, 236–237, 251–254, 252, 486L
listener classes defined, 484distributable environments and, 149 of HttpSession objects HttpSessionAttributeListener, 139–141 HttpSessionBindingEvent of, 140–142 HttpSessionBindingListener, 144–145, 218–219 HttpSessionEvent of, 138–139, 224 HttpSessionListener, 137–139 listener methods, 137–139, 142–145, 218– 219 of ServletContext objects creating, 130–132 linking to containers, 132–133 methods of, 130–131, 134–135 overview of, 129 ServletContextAttributeEvent of, 134–135 ServletContextAttributeListener, 134 ServletContextEvent of, 133–134 ServletContextListener, 129–133, 134 local variables, 270, 271–273, 273, 290 locales, 57–58
logging error messages, 181–182
M
malicious code, 240 manifest files, 101 mapping default mapping, 98, 479 DTDs to TLDs, 360–361, 361, 364–366 exact mapping, 97, 480 extension mapping, 98, 481 filters to servlets, 154–155 filters to URL patterns, 155 implicit mapping, 98 mime-mapping, 110–111 path mapping, 97, 486 prefix mapping, 364, 486 request URLs to servlets, 97–98,107–109, 109
MAXLENGTH attribute of INPUT tag,
8, 484
/META-INF directory, 101–102, 484 METHOD attribute of FORM tag, 7 MIME (Multipurpose Internet Mail
Extension) defined, 17, 484
getMimeType() method, 125 mime-mapping, 110–111
MULTIPLE attribute of SELECT tag, 14 Multiple Value Objects strategy, 419–420, 420,
484
multithreaded model, See also thread safety defined, 484
request handling and, 73
thread safety, 270, 271, 280, 290–291 mutable values, 484, See also Updateable MVC (Model View Controller) pattern,
See also Web tier design patterns
advantages, 444
client login example, 440, 440 controllers, 438–441, 438, 440 defined, 438, 484
disadvantages, 444
MyJspPage.jsp – POST method 507 Model 1 design, 439, 440 Model 2 design, 439 models, 438–441, 438, 440 scrollbar example, 438–439, 438 views, 438–441, 438, 440 MyJspPage.jsp, 358, 361 MyTagName.class, 358
N
NAME attribute of INPUT tag, 8, 484 NAME attribute of SELECT tag, 14 nested tags, 362, 382–384, 385, 392–393 non-errors, 174
nonce values, 249–250, 250, 485 NullPointerException, 344
O
OPTION attribute of SELECT tag, 13 OPTIONS method, 32, 485 out objects, 325, 381–383, 485 out scope, 326 outer tags, 382, 485
P
page directives, 317–320, 485 page objects, 325, 485 page scope, 326, 327, 327, 337, 485 page-relative paths, 365, 485 pageContext objects defined, 323, 485JSP custom tags and, 374, 378, 381, 383, 398– 399 page attributes, 485 scope, 326 param action, 335–336, 485 parameters versus attributes, 126, 129 context parameters, 105, 124–126, 129, 322 getInitParameter(…) method, 105, 124, 125, 131 getParameter(…) method, 53–55 initialization parameters for context, 105, 124, 125, 131 for filters, 154 for servlets, 70–71, 106–107 overview of, 46
partial GET method, 26, 486 password control, 9 passwords, 249–250, 249–250 paths absolute paths, 365, 476 context path defined, 64, 65, 478
in mapping URLs to servlets, 97–98, 107– 109, 109
overview of, 104, 105 warning, 97
context-relative paths, 365, 478 elements in, accessing, 63–65 page-relative paths, 365, 485 path info, 64–65, 205, 208–209 path mapping, 97, 486 path translations, 65–66 servlet path, 64, 65, 97–98, 488 TLD resource path, 365, 490 permanently unavailable, 184, 486 plugin action, 333–335, 486 portability of web applications, 95 ports, 16
POST method, See also HTTP request methods advantages, 28
defined, 28, 486 disadvantage, 28
doPost(…) method and, 48 example, 28–30
versus GET method, 28, 30 security, 28, 30
508 practice exam answers – requests
practice exam answers, 469–474 practice exam questions, 456–468 prefix mapping, 364, 486
prefixes, 321, 362, 363–364, 486
Presentation tier, 2–42, See also J2EE; JSPs; Servlet model
defined, 413, 413, 486 exam essentials, 33–34 HTML forms, 5–6
HTML tags, See also HTML FORM tag FORM, 7–8
INPUT, 8–13 overview of, 5–6 SELECT, 13–14 TEXTAREA, 14–15
HTTP protocol, See also HTTP
client requests, 2, 4–5, 5, 18–22, 18–19 defined, 17–18, 18 DELETE method, 32, 479 GET method, 25–28 HEAD method, 31–32, 482 OPTIONS method, 32, 485 overview of, 2 POST method, 28–30 PUT method, 30–31 request methods, 2, 24–33 server responses, 2, 4–5, 5, 18, 22–24, 23 TRACE method, 32–33, 490 in J2EE model, 2–5, 4–5 key terms, 35 overview of, 2, 3, 4, 33, 302 query strings, 15–16
review question answers, 41–42 review questions, 36–40 Servlet model and, 4–5, 5 URIs, 17
URLs, 16 principals, 236, 486
private keys, 251–252, 252, 486 problems. See exception handling programmatic security, 238–240, 486 protocols, See also HTTP
defined, 16
Internet Protocol, 17
Secure Sockets Layer protocol, 236–237, 251
Transmission Control Protocol, 17 public keys, 236–237, 251–254, 252, 486 public variables, 416, 417–418 PUT method, 30–31, 32, 486
Q
query strings, 15–16, 487 QueryServlet, 132R
radio button controls, 12–13 redirect URLs, 209–210, 487
Remote Method Invocation (RMI), 204 RequestDispatcher defined, 487 forward(…) method, 76–78, 281, 282 forwarding requests to JSPs, 442–443 getNamedDispatcher(…), 74–75 getRequestDispatcher(…) method, 74–76, 125 include(…) method, 75–76, 281 passing errors to servlets, 179–181 sending requests to other servlets, 73–78 thread-safe request attributes,
281–283, 283
requests, See also HTTP request methods handling
dispatching to other servlets, 73–78 exceptions and, 73
multithreading and, 73 overview of, 72
service(…) method, 72–78 servlet requests, 72, 73
ServletContext object and, 74–75 header methods, 59–62
reset button controls – security 509
HTTP client requests, See also Presentation tier body, 19, 22 categorizing, 18, 19 defined, 5, 5, 18, 18 empty lines, 22 headers, 19–22, 19 overview of, 2, 4, 4 request lines, 19, 19
HttpServletRequest objects, See also Servlet model context path, 64, 65 defined, 52, 52, 59 extracting cookies, 66, 212, 213–214 handling, 72, 73 parameter methods, 46, 59 path elements, 63–65 path info, 64–65, 205, 208–209 request header methods, 59–62 servlet path, 64, 65
user information methods, 239 virtual path translations, 65–66 request objects, 44–45, 51, 324, 487 request/response paths, 51–52, 52 scope, 326, 327, 328, 337–338, 487 ServletRequest objects
attributes, 56–57
data encoding methods, 58–59 defined, 52, 53
get locale methods, 57–58 handling, 72, 73
parameter methods, 53–56 service(…) method, 72
URLs, mapping to servlets, 107–109, 109 reset button controls, 11
responses
defined, 46, 487
HTTP server responses, See also Presentation tier body, 23, 24 categorizing, 22, 23 defined, 5, 5, 18, 18, 22, 23 headers, 23–24, 23 images in, 24 overview of, 2, 4, 4 status lines, 23, 23
HttpServletResponse objects, See also Servlet model
adding cookies to, 66, 211, 212–213 defined, 52, 52, 59
header response methods, 62–63 sendError(…) method, 171–173 setStatus(…) method, 173–174 response objects, 324, 487 response scope, 326 ServletResponse objects construction methods, 56 defined, 52, 53
set locale method, 58
RMI (Remote Method Invocation), 204 role-based security, 237–240, 487 root. See context
ROWS attribute of TEXTAREA tag, 15 RuntimeException, 182–183
S
scope
defined, 122, 488
defining for attributes, 396–399, 397 of implicit objects, 326–328, 326–328 scriptlets, See also JSPs
conditional statements, 312, 314–315 versus declarations, 313–314
defined, 312 disadvantage, 315 implicit objects in, 329
iterative statements, 312, 314, 315 JSP syntax, 312–313
_jspService(…) method and, 312, 313 XML syntax, 313
scrollbar example, 438, 438–439
Secure Sockets Layer (SSL), 236–237, 251 security, 234–267
access lists, 238, 476 antivirus software, 240, 241 auditing user roles, 237–240
510 SELECT control – Servlet model authentication methods BASIC method, 241, 242–246, 242, 258 CLIENT-CERT method, 242, 251–254, 252, 258 defined, 236, 476 DIGEST method, 242, 249–251, 249–250, 252, 258 FORM method, 241, 246–249, 247 in JAAS API, 236 authorization, 235–236, 235, 476 client-server security, 235, 235 data integrity, 236–237 declarative security, 237–238, 240, 479 deployment descriptor tags
auth-constraint, 238, 244, 245, 257 auth-method, 245, 257 in BASIC authentication, 243–246 description, 246 in FORM authentication, 248–249 form-error-page, 248, 249, 257 form-login-config, 248–249, 257 form-login-page, 248, 249, 257 http-method, 244–245, 257 login-config, 245–246, 248, 257 overview of, 256–257 realm-name, 246 in role-based security, 237–238, 240 role-name, 238, 246, 257
sample listing of, 255–256 security-constraint, 237–238, 243–245, 256 security-role, 246 url-pattern, 238, 244, 245, 256 web-resource-collection, 237–238, 244, 256 web-resource-name, 238, 244, 256 exam essentials, 258–261 firewalls, 241, 481 hackers, 234, 241, 482 intruder detection, 241
J2EE security model, 235–236, 235 key terms, 261 malicious code, 240 overview of, 234–235, 257–258 passwords, 249–250, 250 of POST method, 28, 30 principals, 236, 486 programmatic security, 238–240 public key encryption, 236–237 real world scenario, 254
review question answers, 266–267 review questions, 262–265
SELECT control, See also HTML FORM tag defined, 13 MULTIPLE attribute, 14 NAME attribute, 14 OPTION attribute, 13 overview of, 7–8 sendError(…) method, 171–173, 181, 182, 488
server responses. See responses
Server tier, See also Business Logic tier; J2EE application servers, 4, 413, 413, 476 Enterprise Java Beans
defined, 3, 4, 413, 480 entity beans, 413–414, 414 session beans, 415–416, 415 overview of, 412, 413
servers. See application servers; web servers service(…) method, 72–78
servlet exceptions, See also exception handling IllegalStateException, 173, 222
overview of, 182–183 RuntimeException, 182–183 ServletException
defined, 182–184, 488 init() method and, 72 service(…) method and, 73
UnavailableException, 72, 73, 183, 184–185
Throwable objects and, 183, 184, 187, 188, 325
Servlet model, 44–91, See also Presentation tier defined, 4–5, 5, 44, 488
Servlet model – Servlet model 511
exam essentials, 80–83
HttpServlet doXXX(…) request methods content type and, 47
defined, 44–45 doDelete(…), 49–50 doGet(…), 46–47 doHead(…), 49 doOptions(…), 50 doPost(…), 48 doPut(…), 48–49 doTrace(…), 51 error handlers, 46 overview of, 45, 73 parameters, 46 signatures, 45 HttpServletRequest objects context path, 64, 65 defined, 52, 52, 59 extracting cookies, 66 parameter methods, 59 path elements, 63–65 path info, 64–65, 205, 208–209 request handling, 72, 73 request header methods, 59–62 servlet path, 64, 65
virtual path translations, 65–66 warning, 59
HttpServletResponse objects adding cookies to, 66 defined, 52, 52, 59
header response methods, 62–63 sendError(…) method, 171–173 setStatus(…) method, 173–174
HttpSession objects, See also HttpSession; sessions
attribute methods, 67–68 configuring, 109–110 defined, 66
life span/info methods, 67 overview of, 68
session ID method, 68
initializing servlets
deployment descriptors and, 70 using init(…) method, 69 using init() method, 69–72
using init-param tags, 70–71, 106–107 overview of, 69, 72
problems in, 72
ServletConfig object and, 69–72 ServletContext method and, 71 ServletName method and, 71 web.xml files and, 70–71 key terms, 84
overview of, 44, 80 real world scenario, 79 request handling
exceptions and, 73
forward(…) method and, 76–78, 281, 282
include(…) method and, 75–76, 281 overview of, 72
request dispatching, 73–78 service(…) method, 72–78 servlet requests, 72, 73
ServletContext object and, 74–75 threading and, 73
request objects, 44–45, 51 request/response paths, 51–52, 52 review question answers, 90–91 review questions, 85–89 servlet life cycle methods
ClassLoader, 69 containers and, 68 defined, 68, 488 destroy(), 73, 78–79 init(), 69–72 overview of, 69 service(…), 72–78 ServletRequest objects attributes, 56–57
data encoding methods, 58–59 defined, 52, 53
512 ServletConfig objects – servlets getLocale() methods, 58 handling, 72, 73 parameter methods, 53–56 service(…) method, 72 ServletResponse objects defined, 52, 53
methods for constructing, 56 set locale method, 58 ServletConfig objects
config object, 323, 477 config scope, 326, 327, 327 defined, 488
GenericServlet class and, 69, 123 getServletContext() method, 71, 123 in initializing servlets, 69–72
ServletContext objects, 122–135, See also containers; context
accessing /WEB-INF files, 98–99 attributes
changes to, 141
versus context parameters, 126, 129 defined, 126, 285 defining, 126–127, 285–286 methods, 127–129, 134–135 names, predefined, 128 thread-safety in, 287 defined, 122–123 in distributable environments, 147, 149 HttpSession objects and, 216–217 JSP tag for accessing, 322
listener classes creating, 130–132 defined, 484 linking to containers, 132–133 methods, 130–131, 134–135 overview of, 129 ServletContextAttributeEvent of, 134–135 ServletContextAttributeListener, 134 ServletContextEvent of, 133–134 ServletContextListener, 129–133, 134 warning, 133 methods attribute methods, 127–129, 134–135 contextDestroyed(), 130, 131 contextInitialized(), 130, 131 getInitParameter(), 105, 124–125, 131 getMimeType(), 125 getName(), 135 getRequestDispatcher(), 74–76, 125 getResource(), 125 getResourceAsStream(), 125–126 getServletContext(), 71, 123, 133, 135 getValue(), 135 overview of, 123 parameters versus attributes, 126, 129 defining, 105, 124–125, 129, 131 warning, 124 in request handling, 74–75 warnings, 124, 133
ServletRequest objects, See also requests; Servlet model
attributes, 56–57
data encoding methods, 58–59 defined, 52, 53
get locale methods, 57–58 handling, 72, 73
parameter methods, 53–56 service(…) method, 72
ServletResponse objects, See also responses; Servlet model
construction methods, 56 defined, 52, 53
set locale method, 58 servlets, See also JSPs
defined, 3–5, 4–5, 301, 488 defining parameters, 105–107 distributable environments and, 147 inheritance hierarchy, 305–306, 306 interfaces, 305, 306
JSP communication with, 441–443 versus JSPs, 4, 302–303, 302–303 mapping filters to, 154–155
mapping request URLs to, 107–109, 109 passing errors to other, 179–181
sessions – support classes 513
servlet path, 64, 65, 97–98, 488 session beans, 415, 415–416, 488 sessions, 198–232, See also HttpSession
attributes, 488 attributes, thread-safe, 271, 284–285, 285, 290 defined, 135, 488 exam essentials, 225–226 HTTP protocol and, 198–199, 220 using HttpSession objects
attribute methods, 215, 218 getSession() methods, 215 HttpSessionBindingListener, 218–219 HttpSessionListener, 219–220, 224 listener methods, 218–219 overview of, 214–215 sample listings, 215–216, 217–218 ServletContext and, 216–217 session-config tags, 109, 110 warning, 215 invalidating HTTP protocol and, 220 IllegalStateExceptions and, 222 overview of, 223
saving data before, 220 session timeouts and, 221–222 ways of, 220
key terms, 226
overview of, 198, 224–225 real world scenario, 223–224 review question answers, 231–232 review questions, 227–230 session IDs
in cookies, 211–214 generating, 204
in HttpSession objects, 214
in manual URL rewriting, 202–205, 208–209 in URL encoding, 209–211 session objects, 199, 324–325, 489 session scope, 326, 327, 328, 338, 489 tracking using cookies, 211–214
using hidden HTML values, 199–202, 202 using HttpSession objects, 214–224 overview of, 198–199
tracking using URL rewriting defined, 202–203, 491
using encodeRedirectURL() method, 209– 210
using encodeURL() method, 209, 210–211
manual rewriting, 203–209, 206 “set” method of value objects, 416, 417–419 setAttribute() method, 56–57, 127, 128–129 setBodyContent(…) method, 381, 385, 386, 387 setLocale() method, 58 setMaxInactiveInterval(…) method, 221 setProperty action, 336, 339–342, 341, 441, 489 setStatus(…) method, 173–174 setXXX(…) method, 395 .sf (signature file), 102 signatures, digital, 102, 251–253, 252, 479 SingleThreadModel, 270, 287–289, 288–289, 489
SIZE attribute of INPUT tag, 8, 489 source code syntax. See DTDs; HTML; JSP SRC attribute of INPUT tag, 8
SSL (Secure Sockets Layer), 236–237, 251 stack trace, 181–182, 489
static error pages, 175–176, 186, 489 static files in JSPs, 316–317, 331 static include, 317, 489
static variables, 146 status lines, 23, 23
submit button controls, 10–11 suffixes, 362, 489
support classes, See also JSP custom tags base class in, 391, 476
BodyTagSupport, 358, 373, 390, 393–395 defined, 373, 373, 489
514 synchronization – TLDs
TagExtraInfo, 390, 395–399, 397 TagSupport, 373, 390, 391–393 synchronization, 147, 287, 489 synchronized code blocks, 274–276,
275, 489
T
Tag interface, See also JSP custom tags constants, 375
defined, 372 hierarchy, 373, 373
implicit objects and, 377–378 life cycle, 376, 376
methods, 374–376 overview of, 358 sample listing, 376–377 tag library descriptors. See TLDs tag values, 391–392, 490
TagExtraInfo class, 390, 395–399, 397 taglib directives, 320–321, 490 tags. See DTDs; HTML; JSP
TagSupport class, 373, 390, 391–393 TCP (Transmission Control Protocol), 17 temporarily unavailable, 184, 490 text field controls, 9
text wrapping, 15
TEXTAREA control, See also HTML FORM tag COLS attribute, 15 defined, 14 overview of, 7–8 ROWS attribute, 15 WRAP attribute, 15
thread safety, 270–298, See also multithreaded in class variables, 271, 277–280, 279–280, 290 in context attributes, 271, 285–287, 290 deadlocks and, 275 exam essentials, 291–292 in instance variables, 271, 273–276, 274–275, 280, 280, 290 key terms, 292 in local variables, 270, 271–273, 273, 290 making variables immutable, 276
in multithreaded model, 270, 271, 280, 290– 291
overview of, 270, 291 performance reductions and,
275–276, 275
real world scenario, 290–291 in request attributes, 271, 281–283,
283, 290
review question answers, 297–298 review questions, 293–296
in session attributes, 271, 284–285, 285, 290 in SingleThreadModel, 270, 287–289,
288–289
using synchronized code blocks, 274–276, 275
Throwable objects, 183, 184, 187, 188, 325 TLDs (tag library descriptors), See also JSP
custom tags
defined, 359, 366, 490
defining BodyTag interface in, 386–387 general tags, 367 locating, 360–361, 361, 363–366 optional tags, 368 required tags, 367 <tag> tags, 360, 368–371 <taglib> tags defined, 320–321 using in JSP pages, 360–361, 363–364 mapping to, 360–361, 361, 363–366 prefix attribute, 363–364 sample listings, 359–360, 364–365, 366–367 taglib-location tag, 363, 364, 365–366 taglib-uri tag, 363, 364, 365–366 using in TLD files, 366–368 uri attribute, 363
using in web.xml files, 358–361, 364–366
Tomcat server – web applications 515
taglibName.tld file, 358 TLD resource path, 365, 490 Tomcat server
accessing servlet classes, 177 defined, 96, 107
JSPs and, 303 security tags, 245
web application directory, 107 TRACE method, 32–33, 490 traceroute, 32–33, 490 translation units, 320, 490
TYPE attribute of INPUT tag, 8–13, 490
U
UID class, session IDs and, 204
UnavailableException, 72, 73, 183, 184–185 Updateable (or Mutable) Value Object strategy,
417–419, 491
uri attribute in JSP, 321, 363, 364, 365–366 URIs (Uniform Resource Identifiers), 17, 491 URLs (Uniform Resource Locators)
defined, 16, 491 mapping filters to, 155
mapping to servlets, 107–109, 109 redirect URLs, 209–210, 487 URL rewriting
defined, 202–203, 491
using encodeRedirectURL() method, 209– 210
using encodeURL() method, 209, 210–211
manual rewriting, 203–209, 206 useBean action, 336, 491
V
validating attributes, 398
VALUE attribute of INPUT tag, 8, 10, 491
Value Object pattern, See also Web tier design patterns
advantages, 425 defined, 416, 491 disadvantages, 425–426 Entity Inherits Value Object,
421–422, 480 “get” method, 416, 419 isolation level, 425
Multiple Value Objects, 419–420, 420, 484 public variables, 416, 417–418
“set” method, 416, 417–419
Updateable (or Mutable) Value Object, 417– 419
Value Object Factory, 422–424, 491 value object life cycle, 416–417, 417 value objects, defined, 416, 491 valueBound() method, 144 valueUnbound() method, 144, 145 variables, See also implicit objects
class variables, 271, 277–280, 279–280, 290, 477
instance variables defined, 483
distributable environments and, 146 thread safety in, 271, 273–276, 274–275,
280, 280, 290
local variables, 270, 271–273, 273, 290 making immutable, 276
public variables, 416, 417–418 static variables, 146
thread safety of, 271
vendor dependent code, 426–427 views in MVC, 438, 438–441, 440 virtual path translations, 65–66
W
WAR (web archive) files, 99–101, 491 web applications, 94–120
516 Web Client model – Web tier design patterns
deployment descriptor tags, See also DTDs ?xml, 105 context, 104, 105, 107 context path, 104, 105, 108, 109 defined, 70, 103 docbase, 105, 108, 109 !DOCTYPE…, 105 init-param, 106–107 mime-mapping, 110–111 sample listings, 70–71, 103–105 servlet, 106–107, 277 servlet-mapping, 107–109, 109 session-config, 109, 110, 221 session-timeout, 110, 221 url-pattern, 107–109, 109 web-app, 105 welcome-file-list, 111–112
directory structure and, See also containers; context
/META-INF directory and, 101–102 /WEB-INF layer, 95–96, 98–99, 492 client-viewable files, 96, 101–102 context layer, 95–98
overview of, 95–96
real world scenario, 102–103 sample layout, 102
web archive files and, 99–101 elements in, 94–95
exam essentials, 113–114 key terms, 114
overview of, 94, 113 portability, 95
review question answers, 119–120 review questions, 115–118
Web Client model. See Presentation tier web components, 3, See also servlets web servers, See also HTTP; Web tier
defined, 4, 4, 492 ports, 16
servernames, 16 in Servlet model, 5, 5
Web tier, 3–4, 4, See also J2EE; JSPs; servlets; web servers
Web tier design patterns, 412–453 Business Delegate pattern
advantages, 436–437
Business Delegate layer, 435, 477 business services and, 435, 436 caching client results, 435–436 defined, 434–435, 436, 477
Delegate Adapter strategy, 436, 479 Delegate Proxy strategy, 436, 479 disadvantages, 436, 437
intercepting server-side exceptions, 435 naming and lookup services, 435 Data Access Object pattern
advantages, 433–434
Automatic Code Generated DAO, 430 Basic DAO, 428–429
business objects and, 427, 427, 428 data access objects, 427–428, 427, 478 defined, 427, 427–428, 479
disadvantages, 434 EIS transactions and, 427 Factory for DAO, 430–433 JDBC API and, 426 sample listing, 429
vendor dependent code and, 426–427 design patterns, defined, 412, 479 exam essentials, 446
J2EE model and, 412, 413 key terms, 447
Model View Controller pattern advantages, 444
client login example, 440, 440 controllers, 438–441, 438, 440 defined, 438, 484 disadvantages, 444 JSP/servlet communication, 441–443 Model 1 design, 439, 440 Model 2 design, 439 models, 438–441, 438, 440 scrollbar example, 438–439, 438 views, 438–441, 438, 440 overview of, 445–446 real world scenario, 444–445
/WEB-INF directory – XML syntax 517
review question answers, 452–453 review questions, 448–451 Server tier and, 413–416, 414–415 Value Object pattern
advantages, 425 defined, 416
disadvantages, 425–426
Entity Inherits Value Object, 421–422 “get” method, 416, 419
isolation level, 425
Multiple Value Objects, 419–420, 420 public variables, 416, 417–418 “set” method, 416, 417–419
Updateable (or Mutable) Value Object, 417–419
Value Object Factory, 422–424 value object life cycle, 416–417, 417 value objects, defined, 416, 491 /WEB-INF directory, 95–96, 98–99 web.xml files, 103, See also DTDs welcome-file-list tag, 111–112 WorldTalk Inc. scenario, 371–372 WRAP attribute of TEXTAREA tag, 15 wrapping text, 15