book

Head First Servlets and JSP, 2nd Edition

by Bryan Basham, Kathy Sierra, Bert Bates

March 2008

Intermediate to advanced

911 pages

20h 31m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who should probably back away from this book?

Servlets and CGI both play the role of a helper app in the web server
Actually, trying to format HTML inside a servlet’s out.println() pretty much sucks.
Your servlet inherits the lifecycle methods
Servlet Initialization: when an object becomes a servletBut a Servlet’s REAL job is to handle requests. That’s when a servlet’s life has meaning.Request and Response: the key to everything, and the arguments to service()
What happens if you do NOT say method=“POST” in your <form>?
Using relative URLs in sendRedirect()
What about the way we did it with the beer app? We passed the model info to the JSP using a request attribute...
What she really wants is a listener.She wants a ServletContextListenerTutorial: a simple ServletContextListenerMaking and using a context listenerWe need three classes and one DDWriting the listener classWriting the attribute class (Dog)Writing the servlet classWriting the Deployment DescriptorCompile and deployTry it outTroubleshootingThe full story...Listeners: not just for context events...The eight listenersThe HttpSessionBindingListener
Attributes are not parameters!The Three Scopes: Context, Request, and SessionAttribute APIThe dark side of attributes...But then something goes horribly wrong...Context scope isn’t thread-safe!The problem in slow motion...How do we make context attributes thread-safe?Synchronizing the service method is a spectacularly BAD ideaSynchronizing the service method won’t protect a context attribute!You don’t need a lock on the servlet... you need the lock on the context!Are Session attributes thread-safe?What’s REALLY true about attributes and thread-safety?Protect session attributes by synchronizing on the HttpSessionSingleThreadModel is designed to protect instance variablesBut how does the web container guarantee a servlet gets only one request at a time?Which is the better STM implementation?Only Request attributes and local variables are thread-safe!Request attributes and Request dispatchingRequestDispatcher revealedWhat’s wrong with this code?You’ll get a big, fat IllegalStateException!
Cookies
URL rewriting: something to fall back onURL rewriting kicks in ONLY if cookies fail, and ONLY if you tell the response to encode the URLURL rewriting works with sendRedirect()Getting rid of sessionsHow we want it to work...The HttpSession interfaceKey HttpSession methodsSetting session timeoutCan I use cookies for other things, or are they only for sessions?Using Cookies with the Servlet APISimple custom cookie exampleCustom cookie example continued...Key milestones for an HttpSessionSession lifecycle Events
Session migrationThe Beer Web App distributed across two VMsSession migration in action
Listener examplesListener examplesListener examplesSession-related ListenersSession-related Event Listeners and Event Objects API overview
Configuring servlet init parametersOverriding jspInit()
Attributes to the page directive
El is enabled by default!
Declare and initialize a bean attribute with <jsp:useBean>Get a bean attribute’s property value with <jsp:getProperty>
The same is true for JSP expression tags...... and for the jsp:getProperty standard action
She doesn’t know about EL functions
She doesn’t know about JSTL tags
You can explicitly declare the conversion of XML entitiesYou can explicitly declare NO conversion of XML entitiesConversion happens by default
Or you can do it this way:
She doesn’t know about the <error-page> DD tag.
What she really wants is a WAR file
A conceptual call stack example
She doesn’t know about the servlet Wrapper classes
“Off the path”
Common pressures
Code to interfacesSeparation of Concerns & CohesionHide Complexity
Loose CouplingRemote ProxyIncrease Declarative Control
A Fable: The Beer App Grows
What we want...How RMI pulls it off
Service Locator and Business Delegate both simplify model components
Where we left off...
New and (shorter) controller pseudo-code

Content preview from Head First Servlets and JSP, 2nd Edition

You can do sessions even if the client doesn’t accept cookies, but you have to do a little more work...

We don’t agree that anybody with half a brain disables cookies. In fact, most browsers do have cookies enabled, and everything’s wonderful. But there’s no guarantee.

If your app depends on sessions, you need a different way for the client and Container to exchange session ID info. Lucky for you, the Container can handle a cookie-refusing client, but it takes a little more effort from you.

If you use the session code on the previous pages—calling getSession() on the request—the Container tries to use cookies. If cookies aren’t enabled, it means the client will never join the session. In other words, the session’s isNew() method will always return true.

Note

A client with cookies disabled will ignore “Set-Cookie” response headers

If a client doesn’t accept cookies, you won’t get an exception. No bells and sirens going off to tell you that your attempt to have a session with this client went wrong. No, it just means the client ignores your attempt to set a cookie with the session ID. In your code, if you do NOT use URL rewriting, it means that getSession() will always return a NEW session (i.e. one that always returns “true” when you call isNew() on it). The client simply never sends back a request that has a session ID cookie header.