SYBEX Index
Java™ 2 Web Developer Certification Study Guide
Natalie Levi
Copyright © 2002 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic or other record, without the prior agreement and written permission of the publisher. ISBN: 0-7821-4202-8
SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the USA and other countries.
TRADEMARKS: Sybex has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer. Copyrights and trademarks of all products and services listed or described herein are property of their respective owners and companies. All rules and laws pertaining to said copyrights and trademarks are inferred.
This document may contain images, text, trademarks, logos, and/or other material owned by third parties. All rights reserved. Such material may not be copied, distributed, transmitted, or stored without the express, prior, written consent of the owner.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturers. The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.
Sybex Inc.
1151 Marina Village Parkway Alameda, CA 94501 U.S.A.
Phone: 510-523-8233 www.sybex.com
Index
Note to the reader: Page numbers in bold indicate primary discussions of a topic or the definition of a term. Page numbers in italics indicate illustrations.
A
absolute path, 368, 458 Accept header, 19, 20 access list, 238, 458 actions, 331–347 about, 331–332 creating custom JSP, 359–360 custom, 359 defined, 332, 458 exam essentials for, 349 jsp:forward, 333–334 jsp:getProperty, 344–347 jsp:include, 332–333 jsp:param, 337–338 jsp:plugin, 335–337 jsp:setProperty, 338, 341–344, 343, 444, 471 jsp:useBean, 338–348 summary of attributes and subactions, 347 application object, 324, 458
application scope, 328, 458 application server, 415, 417, 458 applications, 323
architecture. See also Web client model J2EE
about, 2–5
entity beans and, 416–417, 416, 462 illustrated, 4
session beans and, 417–418, 417, 471 Servlet model, 4–5, 5
web application directory structure, 95–103 context, 96–98
exam essentials for, 113 hierarchical layers of, 95–96
location of client-viewed files in, 101–102 /META-INF, 101, 466
WAR file, 99–101 attackers, 234
attributes
associated with servlet requests, 56–58 defined, 458
defining and storing, 126–127 error, 187
for include tag, 333 of INPUT tag, 7–11 JavaBean, 339–340 beanName, 340 class, 340 id, 339 scope, 330, 330, 339–340, 471 type, 340 jsp:getProperty, 346 jsp:plugin mandatory, 335 optional, 336 jsp:setProperty, 343–344 JSP custom tag, 364
notifying client session of changed, 139–140 page directive, 319–321, 327, 468
parameters vs., 286 predefined request, 57
quotes around definitions of INPUT, 11 of Servlet model session object, 68 for ServletContext object, 129 setting object attributes within, 83 thread safety of, 281–287, 292
context, 271, 285–287 request, 271, 281–284, 283
session, 271, 284–285, 285
auditing, 237–240
declarative security, 237–238 exam essentials for, 259 programmatic security, 238–240 auth-constraint tag, 245, 261 authentication
about, 235–236
CLIENT-CERT, 251–254, 252, 261 defined, 236, 458
DIGEST, 249–251, 250, 261 exam essentials for, 259, 261 FORM, 247–249, 248, 261 handling in web.xml file, 255–257 overview, 241–242
authorization about, 235–236 defined, 236, 458 exam essentials for, 259
Automatic Code Generated DAO strategy, 432–433, 458
B
base class, 393, 458
BASIC authentication, 242–246 defined, 241
exam essentials for, 261
login-config element, 245–246, 260–261 overview, 242–243, 258
security-constraint element, 237–238, 243–245, 260 security-role tags, 246
user name and password dialog box for, 242
Basic DAO strategy, 431–432 Bean Managed Persistence (BMP), 431 beanName attribute of useBean action, 340 binary streams, 82
BingoServlet
launching, 206–207 sample listing for, 208–209 using cookies with, 213–214
using HttpSession object with, 217–218 BMP (Bean Managed Persistence), 431 body
of HTTP client requests, 21 of HTTP server response, 23
separating from header of HTTP client requests, 21 body content, 364–365, 459
BodyContent object flushing of, 392 handling, 384–387 BodyTag interface, 383–392
accessing enclosing writer, 387, 387
handling body content, 384–387 life cycle of, 388, 388
sample listing of, 390–391
BodyTagSupport class, 360–361, 392, 396–398, 397 boolean isPermanent() method, 185
Botanical Market scenario, 102–103 Business Delegate layer, 438, 459 Business Delegate pattern, 437–440
about, 414
advantages of, 439–440 defined, 459
Delegate Adapter strategy, 439 delegate in application design, 438
Delegate Proxy strategy, 439 disadvantages of, 440 overview, 437–439, 449 Business Logic layer, 359 business objects, 431, 459 business services, 437, 438, 459 Business tier, 4
button attribute for INPUT tag, 11
C
CA (certificate authority), 253, 459 case sensitivity
of Java elements, 309 of request mapping, 98
CGI (Common Gateway Interface), 302 CHECKED attribute for INPUT tag, 8, 11, 459 CheckerServlet, 206–207
class attribute of useBean action, 340 class variables, 277–281, 279, 280
defined, 271, 459 exam essentials for, 292 in SingleThreadModel, 289
thread safety of, 271, 272, 290 using, 278–280, 279, 280
CLIENT-CERT authentication, 242, 251–254 certificate information, 253–254
defined, 242
digital signatures, 252
exam essentials for, 261 overview, 251–254, 259 client certificate, 251, 459
clients. See also Web client model client requests in HTTP, 18–21
body of, 21
common header tags for, 20–21 example of, 18
format of request line, 18–19 header in, 19
in DIGEST process, 250, 250
linking of session objects and attributes to, 285
obtaining own local variables, 273, 273
reducing method calls with Value Object pattern, 418 clustering, 146
CMP (Container Managed Persistence), 431 Common Gateway Interface (CGI), 302 compile time, 333
conditional GET, 459 config object, 325, 459
Container Managed Persistence (CMP), 431 containers
creating
instance and registering listener classes before application requests, 133
multiple servlet instances per registered name, 288, 288
ServletConfig object, 69–70 defined, 3, 460
distributed, 148–150
implicit and explicit mapping, 98 making application accessible by, 94 management of servlets in, 69
preventing web application deployment from same context path, 97
providing mapping information for, 107 registering session listeners to, 220 servlet container model, 121–165
distributable environment, 146–150 EEI mail application scenario, 145 exam essentials for, 157–159 filters, 150–155
HttpSession object, 135–146 key terms for, 159
overview, 156–157
review questions/answers, 160–163, 164–165 ServletContext object, 122–135
session ID transmittal determined by, 215 support for distributed, 148–150
context, 96–98. See also ServletContext object defined, 96, 460
overview of, 95
preventing web application deployment from same context path, 97
context attributes, 285–287 defined, 271, 285–286, 460 exam essentials for, 292 thread safety of, 290 context object, 123, 460 context paths, 64, 460
mapping different paths with Context tag, 107 preventing web application deployment from
same, 97 context-relative path, 367, 460 Context tag, 107 controller, 441, 441 controls, 9, 460 cookies defined, 66–67, 460 with OverviewServlet, 212–213 retrieving and adding to response, 83 tracking sessions with, 211–214, 225 using with BingoServlet, 213–214 custom actions. See JSP custom tags custom exception pages, 187–188 custom tag mapping, 363 custom tags. See JSP custom tags
D
DAO objects, 430, 461
Data Access Object (DAO) pattern, 429–437 about, 414
advantages of, 436–437
Automatic Code Generated DAO strategy, 432–433 Basic DAO strategy, 431–432
DAO objects, 430 defined, 461
disadvantages of, 437
Factory for DAO strategy, 433–436 overview, 429–431, 448–449 data access objects (DAO), 430, 461
data integrity, 236–237, 259 instance locks and, 274–275, 275 synchronizing instance variable data, 275 using instance variable safely, 276 declarations, 310–312
defined, 461
as implicit objects, 330–331
overriding void jspInit() and void jspDestroy() methods, 307
overview of, 323
declarative security, 237, 461 default mapping, 98, 461
Delegate Adapter strategy, 439, 461 Delegate Proxy strategy, 439, 461 DELETE method, 31, 461
deployment descriptor. See also web.xml file basic, 105–106
filters defining, 154–155 known as web.xml file, 70, 103 sample, 103–105
taglib directives in, 366–368 using taglib element in, 366–368
deployment descriptor tags, 103–112. See also deployment descriptor
basic servlet tags, 105–106 for distributable environment, 148 exam essentials for, 114
for handling exceptions, 190
identifying element names for WebApp, 158 initialization parameters for servlet tag, 106–107 mapping URL to servlet, 107–109, 109
MIME type mappings, 110–111 security, 255–258, 260–261
setting timeout flag with session-config tag, 109–110
welcome file list, 111–112
design patterns. See also Web tier design patterns about, 414 defined, 461 destroy() method, 79 digest, 250, 250, 461 DIGEST authentication, 242, 249–251, 250 creating a digest, 250, 250 defined, 242
exam essentials for, 261 nonce, 249, 250, 250, 467 overview, 259 process of, 250, 250 digital certificates, 253, 461 digital signature, 251, 252, 461 directives, 316–322 about, 316–317, 322–323 defined, 462 as implicit objects, 331 include, 317–319 page, 319–321 taglib, 322, 365–375 defined, 322 in deployment descriptor, 366–368 identifying on JSP page, 402
identifying tag use on JSP page, 365–366 including in JSP page, 365–366
directory structure, 95–103. See also containers; context; web applications
context, 96–98 defined, 96 overview of, 95
preventing web application deployment from same context path, 97
exam essentials for, 113 hierarchical layers of, 95–96
location of client-viewed files in, 101–102 /META-INF, 101, 466
setting path for referencing ErrorServlet, 177 WAR file, 99–101
/WEB-INF directory, 95–96, 98–99, 177 distributable environments, 146–150. See also
containers defined, 462
deployment descriptor tag for, 148 distributed containers, 148–150 exam essentials for, 158–159 overview of, 146–147 distributed containers, 148–150 doAfterBody() method, 388, 389, 391, 404 doDelete(...) method, 50 doEndTag() method, 388, 389, 391, 404 doInitTag() method, 388 doStartTag() method, 387, 389, 404 doXXX (...) request methods, 44–51
common features of, 45–46 doDelete (...), 50
doGet(...), 46–48 doHead (...), 49 doOptions (...), 50–51 doPost(...), 48
doPut(...), 48–49 doTrace (...), 51 overview, 44–45
DTD (document type definition), 105, 462 dynamic error pages, 176–179, 187–188, 462
E
EEI mail application scenario, 145
EIS (Enterprise Information Systems), 3, 462 EIS tier
illustrated, 4
J2EE tier design for Web, 415 EJBs (Enterprise Java Beans)
defined, 415, 462
entity beans, 416–417, 416, 462 illustrated, 3
Multiple Value Objects strategy and, 422–423, 466 session beans, 417–418, 417, 471
encodeURL(...) method, 209–211, 226 end of servlet service, 79
entity beans, 416–417, 416, 462
Entity Inherits Value Object strategy, 423–425, 462 error-code tag, 176
error handling. See exception handling error pages, 175–180
dynamic, 176–179
forwarding requests with RequestDispatcher, 179–180, 180, 190 generating with sendError(...) method, 171–173, 189 setStatus(...) method, 174, 175 overview, 175 passing errors, 179–180
sample listing dynamically generating, 187–188 static, 175–176
EVAL_BODY_BUFFERED, 404 EVAL_BODY_INCLUDE, 377, 404 event classes
registering listener classes before application requests, 133
same listener tag used by all, 133
ServletContext object listener interfaces and, 129–135
events, 462
exact mapping, 97, 462
exception handling, 167–196
deployment descriptor tags for, 190 error pages, 175–180
dynamic error pages, 176–179, 462 overview, 175
passing errors, 179–180, 180 static error pages, 175–176 exam essentials, 189–190
for HttpServlet request methods, 46 key terms, 190
logging messages, 181–182 reporting messages, 181–182 writing messages to log file, 181, 190 overview, 188–189
problem notification, 168–175
example of HTML output and servlet exception handling, 169–171
sendError(...) method, 171–173, 189 setStatus(...) method, 173–175, 189 review questions/answers, 191–194, 195–196 scenario planning for, 185–186
servlet exceptions, 182–188 exception pages, 186–188 overview, 182–183 ServletException class, 183–184 throwing UnavailableException, 184–185 exception object, 327, 463 exception pages, 186–188 exceptions, 168, 463
Exotic Birds, Inc., scenario, 80 expressions
defined, 463
exam essentials for, 323 as implicit object, 330
syntax and rules for writing, 312–313, 323 extensible, 463
Extensible Markup Language. See XML extension mapping, 97, 463
F
factory, 433, 463
Factory for DAO strategy, 433–436, 463 files. See also WAR files; web.xml file
index.html, 111–112 JAR, 99, 100–101
location of client-viewed, 101–102 MANIFEST.MF, 101
minus sign in WAR file option tags, 100 naming of JSP, 304
signature, 101 WAR, 99–101
writing error messages to log, 181 filter-class tag, 154 filter-mapping tag, 155 filter-name tag, 154–155 filters, 150–155 creating, 152–154 defined, 463
defining deployment descriptor, 154–155 life cycle of, 151–152, 151
overview, 150 sample listing of, 154
findAncestorWithClass(...) method, 394–395 firewalls, 241, 463
first-person penalty, 308, 463 flush tag for jsp:include, 333 FORM authentication
custom authentication form, 248 defined, 241
exam essentials for, 261 form-login-config element, 249 overview, 247–249, 258 form-login-config element, 249 FORM tag, 6–7 forms, 199–202, 202, 463 forward action, 333–334, 464 forward(...) method
servlet request dispatching and, 77–79 transferring
control of HTTP request to target resource, 281 duties of RequestDispatcher with, 84
G
GenericServlet class, 181, 190 GET method
defined, 464
exam essentials for, 33
generated for FORM tag when method unspecified, 7 identifying HttpServlet class methods for, 81
overview of, 24–27 partial GET, 468 getBodyContent() method, 386 getEnclosingWriter, 386–387, 387 getMaxInactiveInterval(...) method, 221–222 getParameter (...) method, 54–55 getProperty action, 344–347, 464 getRequestDispatcher() method, 75, 282 getServletContext() method, 72 getServletName() method, 72
H
hackers, 234, 464 HEAD method defined, 464 doHead (...) method of HEAD request, 49 exam essentials for, 33–34
overview of, 30–31 headers
common tags for client requests, 20–21 in HTTP client requests, 19
in HTTP server response, 22–23
sample request for HttpServletRequest object, 60–62 separating from body of HTTP client requests, 21 hello.jsp source code, 304–306
hidden attribute for INPUT tag, 9 hidden comments, 310, 322, 464
hidden HTML values, 199–202, 202, 224, 464 HTML (Hypertext Markup Language), 5–16
defined, 464 FORM tag, 6–7
identifying request’s parameters and header information, 81–82 INPUT tag, 7–12 overview of, 5 query strings, 14–16, 469 SELECT tag, 13–14 TEXTAREA tag, 14 URIs, 16, 473 when to use, 6 HTML forms defined, 463
storing client data between servlets for later use, 199–202, 202
HTML tags, 6–14 FORM, 6–7 INPUT, 7–12 SELECT, 13–14 TEXTAREA, 14
HTTP (Hypertext Transfer Protocol), 16–32 client request, 18–21
closing connections after each request to server, 221 defined, 464–465
GET method defined, 464
exam essentials for, 33
generated for FORM tag when method unspecified, 7
identifying HttpServlet class methods for, 81 overview of, 24–27
partial GET, 468
identifying interface and methods to retrieve requests, 81–82
redirecting requests to another URL, 82, 469 request methods, 23–32
DELETE, 31 GET, 24–27 HEAD, 30–31
HTTP request/response communication, 17–18 identifying HttpServlet class methods for, 81 OPTIONS, 31–32
overview, 23–24 POST, 27–29 PUT, 29–30 TRACE, 32
request/response communication for, 17–18 server response, 21–23 http-method tag, 245 HTTP request methods, 23–32 DELETE, 31, 461 GET, 24–27 HEAD, 30–31 HTTP request/response communication, 17–18 identifying HttpServlet class methods for, 81 OPTIONS, 31–32 overview, 23–24 POST, 27–29 PUT, 29–30 TRACE, 32 HttpServlet class, 81
HttpServlet request methods
parameters and error handling for, 46 structure of methods, 45–46
HttpServletRequest object, 59–67 cookies, 66–67
methods to generate session ID, 211 path elements, 64–65
context path, 64 path info, 65, 468 servlet path, 64–65, 471 request methods for, 60 sample header request, 60–62 security methods for, 239
HttpServletResponse object. See also HttpServletRequest object
response methods for, 62–63 HttpSession object, 135–146
about, 67
assigning to client after request mapped to servlet, 109–110
defined, 464
how sessions work, 135–137, 135, 136 HttpSessionActivationListener, 142–144, 156 HttpSessionAttributeListener, 139–142, 158 HttpSessionBindingEvent, 142 HttpSessionBindingListener, 144–146, 156, 219 HttpSessionEvent, 139 HttpSessionListener, 137–139, 156, 219–220 methods for accessing or creating session, 137 overview, 156 using, 215–219 with BingoServlet, 217–218 with OverviewServlet, 216–217 HttpSessionActivationListener, 142–144, 156 HttpSessionAttributeListener, 139–142, 158 HttpSessionBindingEvent, 142, 156 HttpSessionBindingListener, 144–146, 156, 219 HttpSessionEvent, 139, 156 HttpSessionListener, 137–139, 156, 219–220
I
id attribute of jsp:useBean, 339 idempotent, 47, 465 IllegalStateException, 173 immutable, 276, 465 implicit objects, 323–331 application object, 324 bolding of, 306 config object, 325 declarations, 330–331 defined, 465 directive, 331
exam essentials for, 349 exception object, 327, 463 expressions, 330 out object, 326, 385, 467 page object, 327, 468 pageContext object, 324–325, 401, 404, 468 request object, 325–326 scope application, 328, 328 page, 328, 329 request, 329, 329 session, 330, 330 summarized, 327–328 scriptlets, 330 session object, 326 include action, 332–333
attribute types for, 333 defined, 465
limitations of included pages, 332 include directive, 317–319
include(...) method
including resource results inside response, 281 servlet request dispatching with, 76–77
transferring duties of RequestDispatcher with, 84 indexed property, 465
index.html file
as default welcome page for servlets, 111–112 sample listing, 206–207, 206
inheritance hierarchy for javax.servlet.Servlet interface, 307
init() method
overriding no-argument, 70
problems preventing servlet from entering service, 72–73
INPUT tag, 7–12
button attribute for, 11 checkbox attribute for, 11 hidden attribute for, 9
password attribute for, 9 radio attribute for, 12 reset attribute for, 10 submit attribute for, 9–10 text attribute for, 8 instance locks, 274–275, 275
instance variables, 146–147, 271, 273–277, 275 about, 273
accessing instance in turns, 275, 275 defined, 271, 465
exam essentials for, 292
sharing among accessing threads, 273, 275 SingleThreadModel and, 288
thread safety of, 271, 272, 276, 290 using, 274
int getUnavailableSeconds() method, 185 International Phone Card, Inc., scenario, 348 internationalization in ServletRequest object, 58 Internet Protocol (IP), 16
invalidating sessions, 220–224
getMaxInactiveInterval(...) method for, 221–222 invalidate(...) method for, 222, 225, 226
setMaxInactiveInterval(...) method for, 221–222, 225, 226 strategies for, 222–223 with timeouts, 221, 225 IP (Internet Protocol), 16 isolation level, 428, 465 IterationTag interface, 380–383, 381
J
J2EE (Java 2 Enterprise Edition). See also Web tier design patterns
architectural overview of, 2–5 illustrated, 4
MVC implementation in, 442 server security, 235–236, 235 tier design for Web, 415
JAAS (Java Authentication and Authorization Service), 236
JAR (Java archive) files defined, 99, 465 WAR vs., 99, 100–101 Jasper, 304
Java archive files. See JAR files Java Virtual Machine (JVM), 271 JavaBeans advantages of, 338, 341 attributes, 339–340 defined, 338, 465 javax.servlet.error.exception attribute, 187 javax.servlet.error.message, 176 javax.servlet.error.status_code, 176 javax.servlet.Filter interface, 152 javax.servlet.Servlet interface, 307 javax.servlet.ServletException, 183 jsp:fallback, 337 jsp:forward, 333–334 jsp:getProperty, 344–347, 464 jsp:include, 332–333 jsp:param, 337–338 jsp:plugin, 335–337
jsp:fallback element for, 337 jsp:param element for, 337 mandatory attributes for, 335 optional attributes for, 336
jsp:setProperty, 338, 341–344, 343, 444, 471 jsp:useBean, 338–348
attributes defining use of bean, 339–340 beanName, 340 class, 340 id, 339 scope, 339–340 type, 340 jsp:getProperty action, 344–347, 464 jsp:setProperty action, 341–344, 343
JSP (Java Server Pages), 299–356. See also JSP custom tags; JSP model actions, 331–347 about, 331–332 jsp:forward, 333–334 jsp:include, 332–333 jsp:param, 337–338 jsp:plugin, 335–337 jsp:setProperty, 338, 341–344, 343, 444, 471 jsp:useBean, 338–348
summary of attributes and subactions, 347 case-sensitivity of elements, 309
communicating with servlet with MVC pattern, 443–445
converting to, 348
declarations
as implicit objects, 330–331
syntax and rules for writing, 310–312, 323 defined, 3, 465 directives, 316–322 about, 316–317, 322–323 defined, 462 as implicit objects, 331 include, 317–319 page, 319–321, 327 taglib, 322 elements of, 309, 322–323 exam essentials, 349 expressions exam essentials, 323 as implicit object, 330
syntax and rules for writing, 312–313, 323 hidden comments, 310, 322, 464 implicit objects, 323–331 application object, 324 application scope, 328, 328 config object, 325 exception object, 327, 463 out object, 326, 385, 467 page object, 327, 468 page scope, 328, 329, 339, 468 pageContext object, 324–325, 401, 404, 468 request object, 325–326 request scope, 329, 329 scope of, 327–328 session object, 326 session scope, 330, 330, 339–340, 471 JSP model, 302–309, 466 JSP life cycle, 304–309, 307, 308, 349 presentation layer separate from Java code,
302–304, 303, 304 servlet vs. JSP code, 4, 304 servlet vs. JSP design, 303 key terms, 350 overview, 348–349 review questions/answers, 351–354, 355–356 scriptlets defined, 313, 470 exam essentials for, 323 as implicit object, 330 statements within, 315–316
servlet communication to, 445–446 syntax for elements in, 322–323 JSP custom tags, 358–411
BodyTag interface, 383–392
accessing enclosing writer, 387, 387 life cycle of, 388, 388
sample listing of, 390–391 common tag options, 371–372 components required in, 360 custom tag mapping, 363 defined, 460
defining, 364–365
exam essentials for, 402–404 identifying in JSP page, 403
IterationTag interface, 380–383, 381 life cycle of, 381
sample listing, 382–383 key terms, 404
overview, 359–364, 401–402
review questions/answers, 405–409, 410–411 sample listing of basic, 361
supplementary elements for, 372–373 support classes, 392–401 BodyTagSupport, 360–361, 392, 396–398 TagExtraInfo, 392, 398–401, 400 TagSupport, 392, 393–396 Tag handler, 375–380, 376 illustrated, 376
life cycle of, 376–378, 378 methods of, 376–378 role of, 375 sample listing, 379–380 taglib directives, 365–375 defined, 322 in deployment descriptor, 366–368 identifying in JSP page, 402
identifying tag use on JSP page, 365–366 including in JSP page, 365–366
TLD, 368–375 creating, 362 defined, 362, 472 exam essentials for, 402 general tags for, 370
identifying descriptor elements and body content of, 403–404
mapping to tag class, 363 optional tags, 370–371 sample listing of, 369
WorldTalk, Inc., scenario, 374–375 JSP model, 302–309
defined, 466
JSP life cycle, 304–309, 307, 308 exam essentials for, 349 first-person penalty, 308, 463 illustrated, 308
JSP to servlet code for hello.jsp, 304–306 servlet inheritance hierarchy, 307
presentation layer separate from Java code, 302–304, 303, 304
servlet vs. JSP code, 304 servlet vs. JSP design, 303 jspDestroy() method, 312 jspInit() method, 312
JVM (Java Virtual Machine), 271
K
keys defined, 466 private, 251–252, 252, 469 public, 237, 251–252, 252, 469
L
life cycle BodyTag interface, 388, 388 filters, 151–152, 151 of IterationTag interface, 381 JSP, 304–309, 307, 308 exam essentials for, 349 first-person penalty, 308, 463 illustrated, 308
JSP to servlet code for hello.jsp, 304–306 servlet inheritance hierarchy, 307 servlets, 69–79
defined, 471 end of service, 79 exam essentials for, 83–84 loading and instantiating, 69–73 request dispatching, 74–79 request handling, 73–74 of Tag interface, 376–378, 378 listener-class tag, 156
listener tag, 156 listeners
defined, 466
in distributed environments, 150 for HttpSession object
HttpSessionActivationListener, 142–144, 156 HttpSessionAttributeListener, 139–142, 158 HttpSessionBindingListener, 144–146, 156, 210 HttpSessionListener, 137–139, 156, 219–220 registering to containers, 220
for ServletContext object, 129–135 about, 129–130 ServletContextAttributeEvent, 134–135 ServletContextAttributeListener, 134, 156, 157, 158, 159 ServletContextEvent, 133–134 ServletContextListener, 130–133, 156, 157, 158, 159
loading and instantiating servlets, 69–73 local variables
defined, 271
exam essentials for, 292
thread safety and, 272–273, 273, 290 log(...) method, 181, 190
logging messages, 181–182 reporting messages, 181–182 writing messages to log file, 181, 190 login-config tag, 245–246, 260–261
M
malicious code, 240–241, 259 MANIFEST.MF (manifest file), 101 manually rewriting URLs, 203–209, 206 mapping custom tag, 363 default, 98 exact, 97, 462 extension, 97 MIME type, 110–111 path, 97
precedence of implicit and explicit, 98
providing mapping information for containers, 107 URL to servlet, 107–109, 109
MAXLENGTH, 466
/META-INF directory, 101, 466
MIME (Multipurpose Internet Mail Extension) defined, 17, 467
MIME type mappings, 110–111 mime-type tag, 110–111
model, 441, 441. See also specific model by name Model View Controller (MVC) pattern, 440–447
about, 414
advantages of, 446–447 defined, 466
disadvantages of, 447 JSP to servlet, 443–445
MVC component with scrollbar, 441 overview, 440–443, 441, 442, 449 servlet to JSP, 445–446
Multiple Value Objects strategy, 422–423, 466 Multipurpose Internet Mail Extension (MIME), 17,
110–111, 467 multithreaded, 467 multithreaded servlets
behavior of static variables in, 280 defined, 270
scenarios for handling multiple threads, 290–291 single-threaded vs., 289–290, 292
mutable, 419, 467
MVC pattern. See Model View Controller pattern
N
NAME, 467
naming standards for JSP files, 304 nested tags, 364, 385–386, 387, 467 non-error, 174, 467
nonce, 249, 250, 250, 467
O
option tags for WAR file, 100
OPTIONS method, 31–32, 50–51, 467 out object, 326, 385, 396, 404, 467 outer tags, 385
OverviewServlet.java
sample listing, 206, 207–208 using cookies with, 212–213
P
packet sniffers, 241, 467 page attributes, 324, 468 page directive, 319–321, 327, 468 page object, 327, 468 page-relative path, 367–368, 468 page scope, 328, 329, 339, 468 page tag for jsp:include, 333 PageContext class, 380 pageContext object, 324–325, 401, 404, 468 param action, 337–338, 468
param tag for jsp:include, 333 parameter variables, 272 parameters
attributes vs., 286
for HttpServlet request methods, 46
init parameters for multiple instances of servlet, 280 for ServletRequest object, 53–56, 55, 56
thread-safe request, 283–284, 283 partial GET, 468
passing errors, 179–180
password attribute for INPUT tag, 9 path patterns
default mapping and, 98 exact mapping, 97, 462 extension mapping and, 97, 463 path mapping and, 97, 468 paths
absolute, 367–368, 458 context-relative, 367–368, 460 manually rewriting URL, 203–209, 206 page-relative, 367–368, 468
path info, 65, 468 path mapping, 97, 468 path translations, 65–66 request path elements, 65
request/response path for Servlet model, 52 servlet, 64–65
setting for referencing ErrorServlet, 177 virtual, 66
permanently unavailable, 184, 468 plugin action
about, 335–337 defined, 468
mandatory attributes for, 335 optional attributes for, 336
POST method defined, 468
doPost(...) method with POST requests, 48 exam essentials for, 33–34
identifying HttpServlet class methods for, 81 overview, 27–29
prefix, 364, 469
prefix mapping, 366, 469 Presentation layer
defined, 303, 469
separating from Business Logic layer with JSPs, 359 Presentation tier. See also Server tier; Web tier
illustrated, 4
J2EE tier design for Web, 415 principal, 236, 469
private key, 251–252, 252, 469 problem notification, 168–175
HTML output and servlet exception handling, 169–171
sendError(...) method, 171–173, 189, 470 setStatus(...) method, 173–175, 189 programmatic security, 238–240, 469 public key, 237, 251–252, 252, 469 public void log() method, 181 PUT method, 29–30, 48–49, 469
Q
query strings in HTML, 14–16, 469
R
radio attribute for INPUT tag, 12 Real World scenarios
Botanical Application, 102–103 detailed session management, 223–224 EEI mail application, 145
Exotic Birds, Inc. website, 80
for handling multiple threads, 290–291 justifying robust system, 447–448 planning for error handling, 185–186 for security, 254–255
WorldTalk, Inc., 374–375 redirect URL, 82, 469
req.getSession() method, 211 request, 323 request attributes about, 281–284, 283 defined, 271, 281, 469 exam essentials for, 292
sample RequestDispatcher servlet, 282 thread safety of, 290
request dispatching of servlets, 74–79 defined, 470
forward(...) method, 77–79 include(...) method, 76–77 request handling of servlets, 73–74 request mapping, 98 request object about, 325–326, 325 defined, 470 HttpServletRequest object, 59–67 cookies, 66–67
methods to generate session ID, 211 path elements, 64–65
request methods for, 60 sample header request, 60–62 security methods for, 239 request/response path, 52
ServletRequest and ServletResponse interface, 52–59 request path, 64–65 request scope, 329, 329, 339, 470 request time, 333 RequestDispatcher accessing, 74–76 defined, 470
forwarding request to error page, 179–180, 180, 190 include and forward methods transferring duties of, 84 thread safety of multithreaded requests, 281–284 requests. See also HTTP request methods; responses
accessing and setting attributes within, 83 attributes of servlet, 56–58
forwarding to error page, 179–180, 180, 190 HTTP client, 18–21
HTTP request/response communication, 17–18 HttpServletRequest object, 59–67
cookies, 66–67 methods for, 60
methods to generate session ID, 211 path elements, 64–65
request methods for, 60 sample header request, 60–62
sample header request for, 60–62 security methods for, 239
identifying interface and methods to retrieve, 81–82 path elements, 64–65
redirecting HTTP requests to another URL, 82, 469 servlets
handling, 73–74
request dispatching, 74–79
request object for Servlet model, 52–67 responses and, 4–5
reset attribute for INPUT tag, 10 response object, 470
responses. See also requests; server response for HTTP defined, 470 HTTP request/response communication, 17–18 HTTP server, 21–23 body, 23 example of, 22 header in, 22–23 status line in, 22
HttpServletResponse object, 62–63 servlet requests and responses, 4–5
setting HTTP response header and content type, 82 transmitting HTTP, 17
return variables, 272 review questions/answers
exception handling, 191–194, 195–196 Java Server Pages, 351–354, 355–356 JSP custom tags, 405–409, 410–411 security, 263–266, 267–268
servlet container model, 160–163, 164–165 Servlet model, 85–89, 90–91
servlet web applications, 115–118, 119–120 sessions, 227–230, 231–232
thread safety, 293–296, 297–298 Web client model, 35–39, 40–41
Web tier design patterns, 451–454, 455–456 role-based, 237, 470
roles, 236, 237–238
S
scope attribute of useBean action, 339–340 scopes
application, 340 defined, 122, 470
defining use of JavaBean, 339–340 implicit objects, 327–328 application, 328, 328 page, 328, 329 request, 329, 329 session, 330, 330 scriptlets defined, 313, 470 exam essentials for, 323 as implicit objects, 330 statements within, 315–316
syntax and rules for writing, 313–316, 323 Secure Sockets Layer (SSL), 236–237
security, 233–268 auditing, 237–240 authentication about, 235–236 BASIC, 242–246, 242 CLIENT-CERT, 251–254, 252 DIGEST, 249–251, 250 FORM, 247–249, 248 overview, 241–242 authorization, 236, 259, 458 data integrity, 236–237, 259 deployment descriptor tags, 255–258 exam essentials, 259–261
key terms, 262
malicious code, 240–241, 259 overview, 234–235, 258–259 real world scenario for, 254–255
review questions/answers, 263–266, 267–268 website attacks, 241, 260
security-constraint tag
defining for BASIC authentication, 243–245 exam essentials for, 260
restricting directory to administrator role, 237–238 security-role tags, 246
SELECT tag, 13–14
sendError(...) method, 171–173, 189, 470 Server tier, 415–418. See also Presentation tier; Web tier
entity bean transactions, 416–417, 416, 462 J2EE tier design for Web, 415
overview, 415
session beans, 417–418, 417, 471 servers
application, 415, 417, 458 in DIGEST process, 250, 250
handling exceptions thrown to, 182
HTTP request/response communication, 17–18 in J2EE model, 4
providing default directory for WAR file applications, 101
server response for HTTP, 21–23 body in, 23
example of, 22 header in, 22–23 status line in, 22 service(...) method, 52, 81 servlet container model, 121–165
distributable environment, 146–150 deployment descriptor tag for, 148 distributed containers, 148–150 overview of, 146–147
EEI mail application scenario, 145 exam essentials for, 157–159 filters, 150–155
creating, 152–154 defined, 463
defining deployment descriptor, 154–155 life cycle of, 151–152, 151
overview, 150
HttpSession object, 135–146
how sessions work, 135–137, 135, 136 HttpSessionActivationListener, 142–144 HttpSessionAttributeListener, 139–142 HttpSessionBindingEvent, 142 HttpSessionBindingListener, 144–146, 156, 219 HttpSessionEvent, 139 HttpSessionListener, 137–139, 156, 219–220 key terms for, 159
overview, 156–157
review questions/answers, 160–163, 164–165 ServletContext object, 122–135
listener interfaces and event classes, 129–135 methods and attributes, 123–129
overview, 122–123 servlet exceptions, 182–188
custom error servlet, 177–178 exception pages, 186–188
HTML output and servlet exception handling, 169–171
overview, 182–183
permanently or temporarily unavailable, 184 ServletException class, 183–184
servlet-mapping tag, 108 Servlet model, 43–91
exam essentials for, 81–84 key terms for, 84
methods for, 44–51
common features of doXXX(...) methods, 45–46 doDelete(...), 50 doGet(...), 46–48 doHead(...), 49 doOptions(...), 50–51 doPost(...), 48 doPut(...), 48–49 doTrace(...), 51 overview, 44–45 overview, 4–5, 5, 80–81, 471 request object, 52–67
HttpServletRequest and HttpServletResponse interface, 59–67
request/response path, 52
ServletRequest and ServletResponse interface, 52–59
review questions/answers, 85–89, 90–91 servlet life cycle, 69–79
defined, 471 end of service, 79
init() method prevents servlet start, 72–73 loading and instantiating, 69–73
request dispatching, 74–79 request handling, 73–74 session object, 67–68 servlet-name tag, 108 servlet path, 64–65, 471 servlet web applications, 93–120
Botanical Application scenario, 102–103 deployment descriptor tags, 103–112
about web.xml file, 103 basic servlet tags, 105–106 defining for filter, 154–155 for distributable environment, 148 exam essentials for, 114
for handling exceptions, 190
identifying element names for WebApp, 158 initialization parameters for servlet tag, 106–107 mapping URL to servlet, 107–109, 109 MIME type mappings, 110–111 sample deployment descriptor, 103–105 security, 255–258, 260–261
setting timeout flag with session-config tag, 109–110
welcome file list, 111–112 directory structure, 95–103
context, 96–98 exam essentials for, 113 hierarchical layers of, 95–96
location of client-viewed files in, 101–102 /META-INF, 101, 466
setting path for referencing ErrorServlet, 177 WAR file, 99–101, 114
/WEB-INF, 95–96, 98–99 elements of, 94–95, 113 exam essentials on, 113–114 key terms, 114
notifying when session created or destroyed, 219–220 overview, 113
review questions/answers, 115–118, 119–120 ServletConfig object
creation of, 69–70 defined, 471
getServletContext() method for, 72 getServletName() method for, 72
ServletContext object within application's, 123 ServletContext object, 122–135
exam essentials for, 157, 158, 159 getRequestDispatcher() method of, 75, 282 listener interfaces and event classes, 129–135
about, 129–130 ServletContextAttributeEvent, 134–135 ServletContextAttributeListener, 134, 156, 157, 158, 159 ServletContextEvent, 133–134 ServletContextListener, 130–133, 156, 157, 158, 159
methods and attributes, 123–129 overview, 122–123, 156
retrieving context attribute with, 286–287 ServletContextAttributeEvent, 134–135 ServletContextAttributeListener, 134, 156, 157, 158, 159 ServletContextEvent, 133–134 ServletContextListener, 130–133, 156, 157, 158, 159 ServletException class about, 183–184 defined, 471
ServletException object, 72 ServletRequest object
attributes associated with requests, 56–58 converting requests to, 52
data encoding for, 58–59 internationalization in, 58 parameters for, 53–56, 55, 56 Request Dispatcher object and, 74–79 request process for, 52–53, 53 ServletResponse object
creation of by container, 52 request process for, 52–53, 53
servlets. See also servlet container model; Servlet model; servlet web application; thread safety
communicating to JSP with MVC pattern, 445–446 defined, 3, 470
flush() vs. close() methods for altering output stream, 151
handling exceptions, 182–188 custom error servlet, 177–178 exception pages, 186–188
HTML output and servlet exception handling, 169–171
overview, 182–183
permanently or temporarily unavailable, 184 ServletException class, 183–184
throwing UnavailableException, 184–185 inheritance hierarchy for javax.servlet.Servlet interface, 307 JSPs
comparison of, 4
JSP component communication with, 443–445 JSP vs. servlet code and design, 303, 304 life cycle of, 69–79
defined, 471 end of service, 79 exam essentials for, 83–84 loading and instantiating, 69–73 request dispatching, 74–79 request handling, 73–74
processing with setStatus(...) method, 174 registering under multiple names, 277 requests and responses
about, 4–5
HTTP request methods, 45 role of filter in, 151–152
Servlet model, 4–5, 5 servlet tags
basic deployment descriptor, 105–106 initialization parameters for, 106–107 single-threaded, 288–289
single vs. multithreaded, 289–290, 292 timeout values for, 221
tracking for cookie with JSESSIONID, 212 translating scriptlets to, 313
unique init parameters for multiple instances of, 280 session attributes, 284–285, 285
defined, 271, 471 exam essentials for, 292 thread safety of, 290
session beans, 417–418, 417, 471 session-config tag, 109–110 session ID
encoding URL with, 209–211
rewriting URL manually, 203–209, 206
transmittal between client and server determined by container, 215
URL rewriting and, 202–203 session objects, 326, 471
creation of, 135–136, 136 function of, 198–199
identifying interface and methods for retrieved, 225 invalidating, 226
linked to clients, 285 for Servlet model, 67–68
tracking user transactions with, 136 session scope, 330, 330, 339–340, 471 SessionAttributeListener, exam essentials, 158 sessions, 135, 135–137, 136, 197–232. See also
HttpSession object; session ID; session objects creation of session object, 135–136, 136 defined, 135, 471
detailed session management scenario, 223–224 exam essentials, 225–226
HttpSession object, 135–146, 215–220 about, 67
how sessions work, 135–137, 135, 136 HttpSessionActivationListener, 142–144 HttpSessionAttributeListener, 139–142 HttpSessionBindingEvent, 142
HttpSessionBindingListener, 144–146, 156, 219 HttpSessionEvent, 139
HttpSessionListener, 137–139, 156, 219–220 identifying interface and methods for retrieved, 225 using, 215–219 invalidating, 220–224
getMaxInactiveInterval(...) method for, 221–222
invalidate(...) method for, 222, 225, 226 setMaxInactiveInterval(...) method for, 221–222, 225, 226 strategies for, 222–223 with timeouts, 221, 225 key terms, 226
notifying web applications when created or destroyed, 219–220
overview, 224–225
review questions/answers, 227–230, 231–232 tracking, 198–214
anonymous session tracking with URL rewriting, 202–211
cookies for, 211–214, 225
function of session objects, 198–199
storing client data using hidden HTML values, 199–202, 202, 224, 464
user transactions with session object, 136 using session data, 136, 136
setBodyContent() method, 386, 389 setMaxInactiveInterval(...) method, 221–222, 225, 226 setProperty action, 338, 341–344, 343, 444, 471 setStatus(...) method, 173–175, 189 .sf (signature file), 101 single-threaded servlets multithreaded vs., 289–290, 292 overview, 288–289 SingleThreadModel interface about, 290
class variables with, 289 defined, 288, 472 exam essentials for, 292 illustrated, 288
real world scenario for, 291 SIZE, 472
SKIP_BODY, 377, 378, 381, 404 SKIP_PAGE, 377, 404
SRC, 472
SSL (Secure Sockets Layer), 236–237 stack trace
defined, 181, 472
reporting message to client, 181–182 statements within scriptlets, 315–316 static error pages, 175–176, 472 static include, 318, 472 static variables, 147 status codes
associating with static error pages, 175–176, 472 setting with setStatus(...) method, 173–175, 189 status line in HTTP server response, 22
submit attribute for INPUT tag, 9–10 suffix, 364, 472 support classes, 392–401 BodyTagSupport, 360–361, 392, 396–398 defined, 472 TagExtraInfo, 392, 398–401, 400 TagSupport, 392, 393–396 synchronization defined, 472 in distributed environments, 147 of instance variable data, 275
thread safety of variables and attributes with, 290 Value Object pattern issues with, 428
synchronized, 274, 276, 472 syntax
of custom tag, 365
for elements in JSP and XML, 322–323 format of client request line, 18–19
T
tag extensions. See JSP custom tags Tag handler, 375–380, 376
illustrated, 376
life cycle of, 376–378, 378 methods of, 376–378 role of tag interface, 375 sample listing, 379–380 tag library descriptor. See TLD tag name, 364
tag value, 394, 472
taglib directives, 365–375. See also TLD defined, 322, 472
in deployment descriptor, 366–368 identifying in JSP page, 365–366, 402 including in JSP page, 365–366
tags. See also JSP custom tags; TLD; and specific tags by name
deployment descriptor, 103–112 basic servlet tags, 105–106 for distributable environment, 148 exam essentials for, 114
for handling exceptions, 190
identifying element names for WebApp, 158 initialization parameters for servlet tag, 106–107 mapping URL to servlet, 107–109, 109 MIME type mappings, 110–111 security, 255–258, 260–261
setting timeout flag with session-config tag, 109–110
welcome file list, 111–112 HTML, 6–14 FORM, 6–7 INPUT, 7–12 SELECT, 13–14 TEXTAREA, 14 nested, 364, 385–386, 387, 467 outer, 385
page and param tags for jsp:include, 333 security-constraint, 237–238, 243–245, 260 security-role, 246
WAR file option, 100 TagSupport class, 392, 393–396
TCP (Transmission Control Protocol), 16 temporarily unavailable, 184, 473 text
including word wrapping for TEXTAREA tag, 14 text attribute for INPUT tag, 8
text stream acquisition, 82 TEXTAREA tag, 14 thread safety, 269–298 in distributed environments, 147 exam essentials, 292 key terms, 292 overview, 291
passing unique instance to each caller and, 432 review questions/answers, 293–296, 297–298 scenarios for handling multiple threads, 290–291
single-threaded servlets, 288–289
single vs. multithreaded servlets, 289–290, 292 variables and attributes, 270–287
class variables, 277–281, 279, 280 context attributes, 285–287 exam essentials for, 292
instance variables, 271, 273–277, 275, 465 local variables, 272–273, 273, 290 overview, 290 request attributes, 281–284, 283 session attributes, 284–285, 285 thread-safe variables, 272 Throwable object, 184, 187 timeouts
invalidating sessions with, 221, 225 specifications for servlet, 221
strategies for invalidating sessions, 222–223 unit of measure for servlet, 222
TLD (tag library descriptor), 368–375 creating, 362
defined, 362, 472
defining action’s body-content as empty, 378 exam essentials for, 402
general tags for, 370 mapping to tag class, 363 optional tags, 370–371 sample listing of, 369 TLD resource path, 473 TRACE method
about, 32 defined, 473
doTrace(...) method for TRACE requests, 51 traceroute, 473
tracking sessions, 198–214 cookies for, 211–214, 225
function of session objects, 198–199
storing client data using hidden HTML values, 199–202, 202, 224, 464
tracking user transactions with session object, 136 URL rewriting, 202–211, 225
defined, 202, 474 manual, 203–209, 206
methods for encoding URL, 209–211, 226 translation unit, 473
Transmission Control Protocol (TCP), 16 TYPE, 473
U
UnavailableException subclass, 184–185, 473 Uniform Resource Identifiers (URIs), 16, 473 Uniform Resource Locators. See URLs updateable, 419, 473
Updateable (or Mutable) Value Object strategy, 419–421, 473
URIs (Uniform Resource Identifiers), 16, 473 url-pattern element, 244, 245
url-pattern tag, 108–109, 155 URLs (Uniform Resource Locators)
defined, 473
mapping to servlet, 107–109, 109
redirecting HTTP requests to other, 82, 469 rewriting, 202–211, 225
defined, 202, 474
encoding links to, 209–211, 226 manual, 203–209, 206
uses of and elements in query strings, 15–16 useBean action, 338–348
attributes defining use of bean, 339–340 beanName, 340 class, 340 id, 339 scope, 339–340 type, 340 defined, 474
V
VALUE, 474
Value Object Factory strategy, 425–427, 474 Value Object pattern, 418–429
about, 414
advantages of, 427–428, 450 defined, 474
disadvantages of, 428–429
Entity Inherits Value Object strategy, 423–425, 462 life cycle of, 419
Multiple Value Objects strategy, 422–423, 466 overview, 418–419, 448
Updateable (or Mutable) Value Object strategy, 419–421, 473
Value Object Factory strategy, 425–427, 474 value objects, 418, 423, 474
value objects, 418, 423, 474 VariableInfo object, 399–400, 400 variables, 270–281
class, 271
exam essentials for, 292 immutable, 276
instance, 146–147, 271, 273–277, 275 about, 273
accessing instance in turns, 275, 275 defined, 271, 465
exam essentials for, 292
sharing among accessing threads, 273, 275 SingleThreadModel and, 288
thread safety of, 271, 272, 276, 290 using, 274
local, 271 static, 146–147 view, 441, 441
void jspDestroy() method, 307 void jspInit() method, 307 void printStackTrace() method, 182
W
WAR (Web archive) files, 99–101 defined, 474
exam essentials for, 114 JAR files vs., 99, 100–101, 465 options for, 100
when to create, 101
web applications, 93–120. See also thread safety authentication types BASIC, 242–246, 242, 258 CLIENT-CERT, 251–254, 252 DIGEST, 249–251, 250 FORM, 247–249, 248 overview, 241–242
Botanical Application scenario, 102–103 context objects as reference to, 123 defined, 474
deployment descriptor tags, 103–112 about web.xml file, 103
defining for filter, 154–155 for distributable environment, 148 exam essentials for, 114
for handling exceptions, 190
identifying element names for WebApp, 158 initialization parameters for servlet tag, 106–107 mapping URL to servlet, 107–109, 109 MIME type mappings, 110–111 sample deployment descriptor, 103–105 for security, 255–258
setting timeout flag with session-config tag, 109–110
welcome file list, 111–112 directory structure, 95–103
context, 96–98 exam essentials for, 113 hierarchical layers of, 95–96
location of client-viewed files in, 101–102 /META-INF, 101, 466
setting path for referencing ErrorServlet, 177 WAR file, 99–101, 114
/WEB-INF, 95–96, 98–99 elements of, 94–95, 113 exam essentials on, 113–114 key terms, 114
notifying when session created or destroyed, 219–220
overview, 113
request dispatching, 74–79 review questions/answers, 115–118 secure, 233–268
security principles and concerns, 234–241 auditing, 237–240
authentication and authorization, 235–236 data integrity, 236–237, 259
malicious code, 240–241, 259 overview, 234–235
website attacks, 241, 260
unnotified when each HTTP connection closed, 221 Web archive files. See WAR files
Web client model, 2–41
architectural overview of J2EE, 2–5 exam essentials, 33–34 HTML, 5–16 FORM tag, 6–7 INPUT tag, 7–12 overview of, 5 query strings, 14–16, 469 SELECT tag, 13–14 TEXTAREA tag, 14 URIs, 16, 473 when to use, 6 HTTP, 16–32 client request, 18–21 DELETE method, 31, 461 GET method, 24–27 HEAD method, 30–31 OPTIONS method, 31–32, 50–51, 467 overview of, 16–17 POST method, 27–29 PUT method, 29–30, 48–49, 469 request methods, 23–24
request/response communication for, 17–18 server response, 21–23 TRACE method, 32 key terms, 34 overview, 32–33 review questions/answers, 35–39, 40–41 web components, 3 /WEB-INF/classes, 99, 474 /WEB-INF directory about, 95–96, 98–99
unable to directly reference files in, 177 /WEB-INF/lib/*.jar, 99, 474
/WEB-INF/web.xml, 474
web-resource-collection tag, 244–245, 260 web-resource-name tag, 238, 260
web servers, 3, 474
Web tier. See also Presentation tier; Server tier J2EE tier design for Web, 4, 415
Web tier design patterns, 413–456 Business Delegate pattern, 437–440
advantages of, 439–440 Delegate Adapter strategy, 439 delegate in application design, 438 Delegate Proxy strategy, 439 disadvantages of, 440 overview, 437–439, 449
Data Access Object pattern, 429–437 advantages of, 436–437
Automatic Code Generated DAO strategy, 432–433
Basic DAO strategy, 431–432 DAO objects, 430
disadvantages of, 437
Factory for DAO strategy, 433–436, 463 overview, 429–431, 448–449
exam essentials for, 449–450 key terms, 450
Model View Controller pattern, 440–447 advantages of, 446–447 defined, 466 disadvantages of, 447 JSP to servlet, 443–445 overview, 440–443, 441, 442, 449 servlet to JSP, 445–446 overview, 414, 448–449 review questions/answers, 451–454, 455–456 scenario justifying robust system, 447–448 Server tier components, 415–418
entity bean transactions, 416–417, 416, 462 overview, 415
session beans, 417–418, 417, 471 Value Object pattern, 418–429
advantages of, 427–428, 450 disadvantages of, 428–429
Entity Inherits Value Object strategy, 423–425, 462
life cycle of, 419
Multiple Value Objects strategy, 422–423, 466 overview, 418–419, 448
Updateable (or Mutable) Value Object strategy, 419–421, 473
Value Object Factory strategy, 425–427, 474 value objects, 418, 423, 474
website attacks, 241, 260 web.xml file
defining parameters and retrieving in, 71–72 deployment descriptor known as, 70, 103 deployment descriptor tags, 103–112
basic servlet tags, 105–106 defining for filter, 154–155
for distributed environments, 148 for handling exceptions, 190
identifying element names for WebApp, 158 initialization parameters for servlet tag, 106–107
mapping URL to servlet, 107–109, 109 MIME type mappings, 110–111 sample deployment descriptor, 103–105 setting timeout flag with session-config tag, 109–110
welcome file list, 111–112 handling authentication in, 255–257 JSP tag element mapping to, 363
registering servlet under multiple names, 277 taglib element in, 366–368
welcome-file-list tag, 111–112
word wrapping for TEXTAREA tag, 14 WorldTalk, Inc., scenario, 374–375 writing error messages to log file, 181
X
XML (Extensible Markup Language). See also web.xml file
basic servlet tags, 105–106
function of DTD in XML documents, 105 initialization parameters for servlet tag, 106–107
overview of web.xml file, 103 syntax for JSP elements, 322–323, 349 TLD, 368–375
creating, 362 defined, 362, 472 exam essentials for, 402 general tags for, 370 mapping to tag class, 363 optional tags, 370–371 sample listing of, 369