Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

To the authors - HFSJ doesnt mention this !!

 
Niranjan Deshpande
Ranch Hand
Posts: 1277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

1)In chapter on security in FORM based authentication example,HFSJ says
the action,user name, and password html controls should have these names -
j_security_check, j_username, j_password. But it never says what will happen if we dont follow this ?
while i was appearing for mocks from other books i came to know this -
if the action name is other than j_security_check, we dont get any error,
intead the login.html page is redisplayed.

2)Also the book doesnt say anything whether the "/" in the
<form-error-page> or <form-login-page> is mandatory or not ?
while i was appearing for mocks from other books i came to know this -
if we donr use the slash, the web app fails to start as we get a XML parsing error.

3)in the <servlet> tag, is the order
<servlet-name>
<servlet-class>
mandatory ?
while i was appearing for mocks from other books i came to know this -
yes, it is, i.e you should not alter this order. HFSJ doesnt tell this.

Any comments from the authors ??
 
Bryan Basham
author
Ranch Hand
Posts: 199
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Niranjan,

First, the servlet spec is also rather vague about what happens if you accidentally or deliberately misspell the j_*** names in the login form. Because of this vagueness, the web container behavior is "vendor specific".

Second, yes, the "/" is mandatory. The URLs for the login and error pages must be absolute paths (with respect to the webapp).

Lastly, the order of XML elements in the web.xml (servlet configuration) file is no longer important. The DTD for servlet spec v2.3 *was* order dependent, but that was relaxed in servlet spec v2.4.

Hope that helps,
Bryan
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic