book

Head First Servlets and JSP, 2nd Edition

by Bryan Basham, Kathy Sierra, Bert Bates

March 2008

Intermediate to advanced

911 pages

20h 31m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who should probably back away from this book?

Servlets and CGI both play the role of a helper app in the web server
Actually, trying to format HTML inside a servlet’s out.println() pretty much sucks.
Your servlet inherits the lifecycle methods
Servlet Initialization: when an object becomes a servletBut a Servlet’s REAL job is to handle requests. That’s when a servlet’s life has meaning.Request and Response: the key to everything, and the arguments to service()
What happens if you do NOT say method=“POST” in your <form>?
Using relative URLs in sendRedirect()
What about the way we did it with the beer app? We passed the model info to the JSP using a request attribute...
What she really wants is a listener.She wants a ServletContextListenerTutorial: a simple ServletContextListenerMaking and using a context listenerWe need three classes and one DDWriting the listener classWriting the attribute class (Dog)Writing the servlet classWriting the Deployment DescriptorCompile and deployTry it outTroubleshootingThe full story...Listeners: not just for context events...The eight listenersThe HttpSessionBindingListener
Attributes are not parameters!The Three Scopes: Context, Request, and SessionAttribute APIThe dark side of attributes...But then something goes horribly wrong...Context scope isn’t thread-safe!The problem in slow motion...How do we make context attributes thread-safe?Synchronizing the service method is a spectacularly BAD ideaSynchronizing the service method won’t protect a context attribute!You don’t need a lock on the servlet... you need the lock on the context!Are Session attributes thread-safe?What’s REALLY true about attributes and thread-safety?Protect session attributes by synchronizing on the HttpSessionSingleThreadModel is designed to protect instance variablesBut how does the web container guarantee a servlet gets only one request at a time?Which is the better STM implementation?Only Request attributes and local variables are thread-safe!Request attributes and Request dispatchingRequestDispatcher revealedWhat’s wrong with this code?You’ll get a big, fat IllegalStateException!
Cookies
URL rewriting: something to fall back onURL rewriting kicks in ONLY if cookies fail, and ONLY if you tell the response to encode the URLURL rewriting works with sendRedirect()Getting rid of sessionsHow we want it to work...The HttpSession interfaceKey HttpSession methodsSetting session timeoutCan I use cookies for other things, or are they only for sessions?Using Cookies with the Servlet APISimple custom cookie exampleCustom cookie example continued...Key milestones for an HttpSessionSession lifecycle Events
Session migrationThe Beer Web App distributed across two VMsSession migration in action
Listener examplesListener examplesListener examplesSession-related ListenersSession-related Event Listeners and Event Objects API overview
Configuring servlet init parametersOverriding jspInit()
Attributes to the page directive
El is enabled by default!
Declare and initialize a bean attribute with <jsp:useBean>Get a bean attribute’s property value with <jsp:getProperty>
The same is true for JSP expression tags...... and for the jsp:getProperty standard action
She doesn’t know about EL functions
She doesn’t know about JSTL tags
You can explicitly declare the conversion of XML entitiesYou can explicitly declare NO conversion of XML entitiesConversion happens by default
Or you can do it this way:
She doesn’t know about the <error-page> DD tag.
What she really wants is a WAR file
A conceptual call stack example
She doesn’t know about the servlet Wrapper classes
“Off the path”
Common pressures
Code to interfacesSeparation of Concerns & CohesionHide Complexity
Loose CouplingRemote ProxyIncrease Declarative Control
A Fable: The Beer App Grows
What we want...How RMI pulls it off
Service Locator and Business Delegate both simplify model components
Where we left off...
New and (shorter) controller pseudo-code

Content preview from Head First Servlets and JSP, 2nd Edition

Securing data in transit: HTTPS to the rescue

When you tell a J2EE Container that you want to implement data confidentiality and/or integrity, the J2EE spec guarantees that the data to be transmitted will travel over a “protected transport layer connection”. In other words, Containers are not required to use any specific protocol to handle secure transmissions, but in practice they nearly all use HTTPS over SSL.

HTTP request—not secured

The Bad Eavesdropper gets a copy of the HTTP request that contains the client’s credit card info. The data isn’t protected, so it comes over in the body of the POST in a nice readable form. The Eavesdropper is happy.

A secured HTTPS over SSL request

The Bad Eavesdropper gets a copy of the HTTP request that contains the client’s credit card info.

But because it was sent with extra-strength HTTPS over SSL, he CANNOT read the information !!

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9780596516680Errata Page Supplemental Content

Head First Servlets and JSP, 2nd Edition

by Bryan Basham, Kathy Sierra, Bert Bates

Securing data in transit: HTTPS to the rescue

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Head First Java, 2nd Edition

Head First Java, 3rd Edition

Servlets and JSP Tutorial for Beginners

Learning Java, 6th Edition

Publisher Resources