book

Java Servlet Programming, 2nd Edition

by Jason Hunter, William Crawford

April 2001

Intermediate to advanced

780 pages

23h 48m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Java Servlet Programming, 2nd Edition
A Note Regarding Supplemental Files
Preface
Servlet API 2.2Servlet API 2.3Readers of the First EditionAudienceWhat You Need to KnowAbout the ExamplesOrganizationConventions Used in This BookRequest for CommentsAcknowledgmentsAcknowledgments from the First Edition
1. Introduction
History of Web ApplicationsCommon Gateway InterfaceFastCGIPerlExmod_perlOther SolutionsServer extension APIsServer-side JavaScriptActive Server PagesJavaServer PagesJava ServletsSupport for ServletsStandalone Servlet ContainersAdd-on Servlet ContainersEmbeddable Servlet ContainersAdditional ThoughtsThe Power of ServletsPortabilityPowerEfficiency and EnduranceSafetyEleganceIntegrationExtensibility and Flexibility
2. HTTP Servlet Basics
HTTP BasicsRequests, Responses, and HeadersGET and POSTOther MethodsThe Servlet APIPage GenerationWriting Hello WorldRunning Hello WorldHandling Form DataHandling POST RequestsHandling HEAD RequestsWeb ApplicationsThe WEB-INF DirectoryThe Deployment DescriptorMoving On
3. The Servlet Lifecycle
The Servlet AlternativeA Single Java Virtual MachineInstance PersistenceA Simple CounterA Simple Synchronized CounterA Holistic CounterServlet ReloadingInit and DestroyA Counter with InitA Counter with Init and DestroySingle-Thread ModelBackground ProcessingLoad on StartupClient-Side CachingServer-Side Caching
4. Retrieving Information
The ServletGetting a Servlet Init ParameterGetting Servlet Init Parameter NamesGetting a Servlet’s NameThe ServerGetting Information About the ServerWriting to a Temporary FileLocking a Servlet to a ServerGetting a Context Init ParameterDetermining the Servlet VersionThe ClientGetting Information About the Client MachineRestricting AccessGetting Information About the UserA Personalized WelcomeThe RequestRequest ParametersGenerating a License KeyPath InformationGetting path informationAd hoc path translationsGetting the context pathGetting MIME typesServing FilesReading from an Abstract ResourceServing ResourcesServing Resources for DownloadDetermining What Was RequestedHow It Was RequestedRequest HeadersAccessing header valuesWading the Input StreamHandling POST requests using the input streamReceiving files using the input streamExtra Attributes
5. Sending HTML Information
The Structure of a ResponseSending a Normal ResponseUsing Persistent ConnectionsResponse BufferingControlling the Response BufferStatus CodesSetting a Status CodeImproving ViewFile Using Status CodesHTTP HeadersSetting an HTTP HeaderRedirecting a RequestWatching Links to Other SitesClient PullWhen Things Go WrongStatus CodesConfiguring Error PagesLoggingReportingExceptionsServletExceptionUnavailableExceptionConfiguring Exception PagesKnowing when no one’s listeningSix Ways to Skin a Servlet Cat
6. Sending Multimedia Content
WAP and WMLWMLWAP Device SimulatorsServing WAP ContentDynamic WAP ContentAnd That’s a WAPImagesImage GenerationA “Hello World” imageA dynamically generated chartImage CompositionDrawing over an imageCombining imagesImage EffectsConverting an image to grayscaleCaching a converted imageCompressed ContentServer Push
7. Session Tracking
User AuthenticationHidden Form FieldsURL RewritingPersistent CookiesWorking with CookiesShopping Using Persistent CookiesThe Session Tracking APISession-Tracking BasicsA Hit Count Using Session TrackingThe Session LifecycleSetting the Session TimeoutChoosing the right timeoutLifecycle MethodsManually Invalidating a Stale SessionHow Sessions Really WorkApplet-Based Session TrackingNoncookie FallbacksSessionSnoopSession Binding EventsShopping Using Session Tracking

8. Security
HTTP AuthenticationConfiguring HTTP AuthenticationRole-based authenticationRestricting access to a servletRetrieving Authentication InformationForm-Based AuthenticationCustom AuthenticationForm-Based Custom AuthorizationDigital CertificatesSecure Sockets Layer (SSL)SSL Client AuthenticationConfiguring SSL SecurityConfiguring SSL AuthenticationRetrieving SSL Authentication Information
9. Database Connectivity
Relational DatabasesThe JDBC APIJDBC DriversGetting a ConnectionGetting a Connection from a ServletExecuting SQL QueriesHandling SQL ExceptionsResult Sets in DetailHandling Null FieldsUpdating the DatabaseUsing Prepared StatementsReusing Database ObjectsReusing Database ConnectionsReusing Prepared StatementsTransactionsUsing Transactions with JDBCOptimized Transaction ProcessingConnection PoolingConnections as Part of a SessionA Guestbook ServletAdvanced JDBC TechniquesStored ProceduresBinaries and BooksBeyond the Core
10. Applet-Servlet Communication
Communication OptionsHTTP and Raw Socket ConnectionsServlets and Object SerializationJDBC, RMI, and a Little CORBAThe Hybrid ApproachDaytime ServerThe AppletText-Based HTTP CommunicationThe servletBack to the appletObject-Based HTTP CommunicationThe servletThe appletPosting a serialized object or fileSocket CommunicationThe servletThe superclassThe appletRMI CommunicationThe servletThe superclassThe appletA full-service servletChat ServerThe DesignThe ServletThe HTTP AppletThe Socket-Connecting AppletThe RMI AppletThe Dispatcher
11. Servlet Collaboration
Sharing InformationSharing with the ServletContextUsing the context to sell burritosSharing with Another ServletContextClass loader issuesSharing ControlGetting a Request DispatcherDispatching a ForwardDispatching by nameForward Versus RedirectDispatching an Include
12. Enterprise Servletsand J2EE
Distributing LoadHow to Be DistributableMany Styles of DistributionIntegrating with J2EEJ2EE Division of LaborEnvironment EntriesReferences to EJB ComponentsReferences to External Resource FactoriesServlet Distribution in a J2EE Environment
13. Internationalization
Western European LanguagesHTML Character EntitiesUnicode EscapesConforming to Local CustomsNon-Western European LanguagesCharsetsWriting Encoded OutputReading and Writing Encoded OutputMultiple LanguagesUCS-2 and UTF-8Writing UTF-8Dynamic Language NegotiationLanguage PreferencesCharset PreferencesResource BundlesWriting to Each His OwnThe LocaleNegotiator ClassSystem-Provided LocalesHTML FormsThe Hidden Charset
14. The Tea Framework
The Tea LanguageGetting StartedRequest InformationDigging DeeperTea AdministrationTea ApplicationsText ProcessingContent HandlingRequest/Response HandlingWriting a Tea ApplicationA Tool ApplicationFinal Words
15. WebMacro
The WebMacro FrameworkSaying Hello with WebMacroInstalling WebMacroThe WebMacro Template LanguageWebMacro Context ToolsWebMacro Directives#if#set#foreach#parse#include#param#useWebMacro TemplatesA Reusable MacroView ServletTemplate ProcessingA Tool ApplicationFiltersCustom Filters
16. Element Construction Set
Page Components as ObjectsDisplaying a Result SetCustomizing the Display
17. XMLC
A Simple XML CompileThe Manipulation ClassModifying a ListA Tool Application
18. JavaServer Pages
Using JavaServer PagesBehind the ScenesExpressions and DeclarationsDirectivesUsing DirectivesAvoid Java Code in JSP PagesJSP and JavaBeansEmbedding a BeanControlling Bean PropertiesSaying “Hello” Using a BeanIncludes and ForwardsA Tool ApplicationCustom Tag LibrariesUsing Custom Tag LibrariesA Tool Application Using Custom Tag Libraries
19. Odds and Ends
Parsing ParametersParameterParser CodeSending EmailUsing the MailMessage ClassEmailing Form DataUsing Regular ExpressionsFinding Links with Regular ExpressionsExecuting ProgramsFingerExecuting the finger CommandExecuting finger with ArgumentsExecuting finger with Redirected OutputUsing Native MethodsActing as an RMI ClientDebuggingCheck the LogsOutput Extra InformationUse a Standard DebuggerExamine the Client RequestCreate a Custom Client RequestUse a Third-Party ToolSome Final TipsPerformance TuningGo Forth, but Don’t ProsperDon’t Append by ConcatenationLimit SynchronizationBuffer Your Input and OutputTry Using an OutputStreamUse a Profiling Tool
20. What’s New in the Servlet 2.3 API
Changes in the Servlet API 2.3Servlets in J2SE and J2EEFiltersLifecycle EventsSelecting Character EncodingsJAR DependenciesClass LoadersNew Error AttributesNew Security AttributesLittle TweaksDTD ClarificationsConclusion
A. Servlet API Quick Reference
GenericServlet
RequestDispatcher
Servlet
ServletConfig
ServletContext
ServletException
ServletInputStream
ServletOutputStream
ServletRequest
ServletResponse
SingleThreadModel
UnavailableException
B. HTTP Servlet API Quick Reference
Cookie
HttpServlet
HttpServletRequest
HttpServletResponse
HttpSession
HttpSessionBindingEvent
HttpSessionBindingListener
HttpSessionContext
HttpUtils
C. Deployment Descriptor DTD Reference
<auth-constraint>
<auth-method>
<context-param>
<description>
<display-name>
<distributable>
<ejb-link>
<ejb-ref>
<ejb-ref-name>
<ejb-ref-type>
<env-entry>
<env-entry-name>
<env-entry-type>
<env-entry-value>
<error-code>
<error-page>
<exception-type>
<extension>
<form-error-page>
<form-login-config>
<form-login-page>
<home>
<http-method>
<icon>
<init-param>
<jsp-file>
<large-icon>
<load-on-startup>
<location>
<login-config>
<mime-mapping>
<mime-type>
<param-name>
<param-value>
<realm-name>
<remote>
<res-auth>
<res-ref-name>
<res-type>
<resource-ref >
<role-link>
<role-name>
<security-constraint>
<security-role>
<security-role-ref >
<servlet>
<servlet-class>
<servlet-mapping>
<servlet-name>
<session-config>
<session-timeout>
<small-icon>
<taglib>
<taglib-location>
<taglib-uri>
<transport-guarantee>
<url-pattern>
<user-data-constraint>
<web-app>
<web-resource-collection>
<web-resource-name>
<welcome-file>
<welcome-file-list>
D. HTTP Status Codes
E. Character Entities
F. Charsets
Index
About the Authors
Colophon
Copyright

Content preview from Java Servlet Programming, 2nd Edition

Chapter 8. Security

So far we have imagined that our servlets exist in a perfect world, where everyone is trustworthy and nobody locks their doors at night. Sadly, that’s a 1950s fantasy world: the truth is that the Internet has its share of fiendish rogues. As companies place more and more emphasis on online commerce and begin to load their intranets with sensitive information, security has become one of the most important topics in web programming.

Security is the science of keeping sensitive information in the hands of authorized users. On the Web, this boils down to four important issues:

Authentication: Being able to verify the identities of the parties involved
Authorization: Limiting access to resources to a select set of users or programs
Confidentiality: Ensuring that only the parties involved can understand the communication
Integrity: Being able to verify that the content of the communication is not changed during transmission

It helps to think of this in context: a client wants to be sure that it is talking to a legitimate server (authentication), and it also wants to be sure that any information it transmits, such as credit card numbers, is not subject to eavesdropping (confidentiality). The server is also concerned with authentication and confidentiality, as well as authorization. If a company is selling a service or providing sensitive information to its own employees, it has a vested interest in making sure that nobody but an authorized user can access it. Finally, both ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596000405Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Java Servlet Programming, 2nd Edition

by Jason Hunter, William Crawford

Chapter 8. Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.