Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
  • Piet Souris
  • Frits Walraven
  • Carey Brown

My Study Notes !!!

Ranch Hand
Posts: 333
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

These are some of the points that I made while studying and doing some mock exams. Hope it will be of some help to you people. Sorry, it's not so well organized and aligned. Do let me know if I have made any mistakes in my points. Please keep adding to this thread your points and thus we can help others who are preparing for the exam.


1.if you have already called the getWriter() method on a ServletResponse object, you cannot call the
getOutputStream() method on the same ServletResponse object.If you do, the getOutputStream() method
will throw an IllegalStateException.; // actually send the response to the browser. So if we try
res.sendRedirect("";), we get an IllegalStateException

3.A request object is valid until the response is committed.

4.RequestDispatcher.forward method can be called only if the response is not committed;
otherwise, it will throw an IllegalStateException.

5.For the getRequestDispatcher() method of ServletContext, the path parameter cannot be relative
and must start with /.

6.Each creation and destroying of a context is an "EVENT".

7.(a) Handling exceptions programatically ---
res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,message); to the browser

(b) Handling exceptions declaratevely ---



8.DOUBT REGARDING j_security_check .. HOW DOES THIS WORK ???

9.Anything done in the web.xml is "DECLARATIVE" !!

10.<security-constraint> if no <http-method> is specified, then the default is for ALL METHODS static - are called CLASS VARIABLES.

12.context scope is used to share data that is seldom modified.(eg ; database connection).

13.access to the HttpSession object must be synchronized

14.The context and session scopes are not thread safe, while the request scope is thread safe for
all practical purposes because only one thread services one request.

Local variables are always thread safe, static variables never are, and the thread safety of
instance variables depends on the threading model of the servlet.

15.Because the JSP page is converted into a servlet, we can call all the methods in a JSP page that
we can call on a servlet.

14.import is the only attribute of the page directive that can occur multiple times in a translation unit.

15.If isThreadSafe is set to false, the container dispatches the requests to the page one at a
time in the order they are received.
== SingleThreadModel interface for servlets,

16.We cannot declare a method in a scriptlet since we cannot have methods declared inside other
methods in Java.

17.Order of variables declared in declaration part DOES NOT matter.
Order of variables declared in scriplet part DOES matter.

18.Use "return;" after pageContext.forward("abc.jsp") to prevent from writing anything to the output
stream after the request has been forwarded, because doing so will throw an IllegalStateException().

19.Cannot use the following :-
<% String myURL ="copyright.html"; %>
<%@ include file="<%=myURL%>" %>

<%@ include file="other.jsp?abc=pqr" %>

20.These 3 are the same:-
(a).RequestDispatcher rd =
rd.include(request, response);
(c).<jsp:include page="other.jsp" flush="true"/>

21.If you override the service methods in your servlet class, you will lose the functionality provided by
the HttpServlet class, and the doXXX() methods will not be called automatically. In your implementation,
you will have to determine the HTTP method used in the request, and then you will have to call the
appropriate doXXX() method yourself.

22.Clicking on a hyperlink always sends a GET request and thus, the doGet() method of the servlet will be

23.The header information is available only at runtime.

24.The setContentType defines the output format of the response. If you acquire a PrintWriter then the
setContentType method needs to be called before getting the PrintWriter.

25.The doGet method in the HttpServlet class will be triggered in one of the following cases:
* Type URL in address line of web-browser
* Use an hyperlink inside a web-page
* Use an HTML form with no method definition
* Use an HTML form with GET defines as the method definition

The doPost method will ONLY be triggered only when an HTML form is used and defines the POST method.

26.OutputStream os = res.getOutputStream();
PrintWriter out = res.getWriter();

Cause an Exception (IllegalStateException).
But can call getWriter() as many times...

27.For sendRedirect(), an IllegalArgumentException is thrown when the relative URL cannot be converted to
a valid URL.

28.setMaxInactiveInterval specifies the time, in seconds, between client requests before the servlet container
will invalidate the session. A negative time indicates the session should never timeout.

If the timeout is 0 or less in DD <time-out>, the container ensures the default behaviour of sessions
is never to time out.

29.Class variables (declared as STATIC) can be shared by multiple servlet instances and therefore can be
accessed by multiple threads even when a servlet has been declared to use the single thread model.

Class variables are ALWAYS considered NOT THREAD SAFE...

30.The use of the SingleThread Model interface guarantees that only one thread AT A TIME will execute
in a given servlet instance's service method.

That DOES NOT mean that the servlet is Thread Safe

31.SingleThreadModel inteface: -
* The servlet container guarantees that no two threads will execute concurrently in the servlet's
service method.
*The servlet container may synchronize access to a single instance of the servlet.
*The servlet container may create multiple copies of the servlet and dispatch
each request to the different servlets.

32.In the multi-threaded model the doGet method is executed by multiple threads concurrently to service
simultaneous incoming requests.

33.PrintWriter out=res.getWriter();
out.println("Hello Person Servlet");

RequestDispatcher view=req.getRequestDispatcher("web/personView.jsp");

In this case, the request will not be forwarded to the jsp page. No Exception seems to be thrown. And
prints whatever appear on the servlet output.


Before a container initialises a servlet, the following life-cycle phases occur; page translation,
load class, and create instance, that is, a servlet is created as a Java file, compiled, loaded into
memory and then instantiated.

After a JSP page is compiled into a servlet and loaded in the Java virtual machine, an instance of
the servlet is created and initialised before it is ready to service client requests.

35.Action JSP tag provides request-time instructions to the JSP engine.


37.Multiple occurences of the page directive using the import attribute may also be declared on a page.

38.The release() method is called on a Tag handler to release state. The page compiler guarantees that
JSP page implementation objects will invoke this method on all tag handlers, but there may be multiple
invocations on doStartTag and doEndTag in between.

39.Attributes, prefixes and names are case-sensitive. The following reserved words cannot be used as
prefix for the taglib directive: jsp, jspx, java, javax, servlet, sun and sunw.

40.You can use more than one taglib directive in a JSP.

41.<%@ taglib uri="/WEB-INF/tld/a.tld" prefix="mytag" %> ---- Using absolute URI
<%@ taglib prefix="mytag" uri="/myLib" %>---- Using relative URI

42.If taglib tld is declared in the web.xml :-


43.Tagdependent is the value that can be used to identify that the content of the body is only be used
by the tag-handler.

tagdependent: The body of the action is passed verbatim to be interpreted by the
tag handler itself, and is most likely in a different language. The body of the action may be empty.
No quoting is performed.
JSP: The body of the action contains elements using the JSP syntax. The body of the action may be empty.
empty The body must be empty

44.Only 2 attributes are mandatory when defining an individual tag. i.e "name" and "tag-class".

45.JspTagException extends JspException.

46.Sub attributes of <tag>

name: is the unique name.
tag-class: The tag handler implementation class.
tei-class: The subclass of javax.servlet.jsp.tagext.TagExtraInfo for this tag.
body-content: Provides a hint as to the content of the body of this action.
display-name: The display-name elements contains a short name that is intended to be displayed by tools.
large-icon: The large-icon element contains the name of a file containing a large (32 x 32) icon image.
small-icon: The small-icon element contains the name of a file containing a small (16 x 16) icon image.
variable: Provides information on the scripting variables defined by this tag.
example: The content of this element is intended to be an example of how to use the tag.
description: Optional tag-specific information.

47.Valid attributes when defining an individual JSP tag

48.Default scope of JavaBean is "page", if not specified.

49.For <jsp:useBean>
id: identifies the bean that we specify in the JSP page.
scope: declares the scope of the bean (page, request, application or session).
class: identifies the full qualified class name of the bean.
type: represents the type of the object.
beanName:is the name of the bean that is used as an argument to the instantiate() method of the
java.beans.Beans class.

50.IMPORTANT !!!1 :-
BeanName attribute has to be used together with the type attribute.

51.The ServletContext can be obtained from the current session or from the convenience method
getServletContext() defined in javax.servlet.GenericServlet.

52.short-name and tag are required elements within the tag library descriptor file. ?&^$%$#$
tlib-version and jsp-version are required elemets within the taglib element. ?^%$#%^*

53.Authorization is usually implemented by using an access control list (ACL).

54.Auditing is the process of recording user and application actions to log files. In the case
of a SECURITY BREACH, the log files can then be examined to help determine the cause of the
breach and help identify the responsible parties.

55.The realm element specifies the realm name to use in HTTP Basic authorisation.

56.IP spoofing : technique used to impersonate a trusted system in order to gain unauthorised access
to the system hosting the web site.



/SCWCD -> context path
/door -> servlet path
file.hall ->path info

The servlet container tries to match the longest path to the servlet mapping, the servlet container
uses the "/" separator to determine if a match can be found. If the servlet container cannot find a
rule that matches, it goes a directory below the hierarchy.

The extension match occurs only when the servlet path does not match any of the rules.

58.request URI= context path+ servlet path + path info
context path ->starts with "/" , but doesn't have to end with "/".

59.<!ELEMENT web-app (icon?, display-name?, description?,distributable?, context-param*, servlet*,
servlet-mapping*, session-config?, mime-mapping*, welcome-file-list?, error-page*, taglib*,
resource-ref*, security-constraint*, login-config?, security-role*, env-entry*, ejb-ref*)>

60.Include directive only substitutes the text of the specified resource into the including JSP page.
It doesn't actually include the resource.

This occurs during the translation phase of the life cycle of the JSP page.

61.<%@ include file="<%=policyfilename%>" %>
Incorrect because no processing can be done during translation time.

63.<%@ include %> and <jsp:forward> DOES NOT SUPPORT FLUSH attribute !!! (VVV IMP)

Considering the following situation

*A.jsp says <%@ include file="dir/B.jsp"%> and
dir/B.jsp says <%@ include file="C.jsp"%>
In this case the relative specification C.jsp resolves to dir/C.jsp

*A.jsp says <%@ include file="dir/B.jsp"%> and
dir/B.jsp says <jsp:include page="C.jsp"/>
In this case the relative specification C.jsp resolves to C.jsp.
(<jsp:include> goes to the root context)

*A.jsp says <jsp:include page="dir/B.jsp"/> and
dir/B.jsp says <%@ include file="C.jsp" %>
In this case the relative specification C.jsp resolves to dir/C.jsp

*A.jsp says <jsp:include page="dir/B.jsp"/> and
dir/B.jsp says <jsp:include page="C.jsp" />
In this case the relative specification C.jsp resolves to dir/C.jsp
(??? )

65<jsp aram> is used ONLY with <jsp:include> and <jsp:forward>

66.The log methods are declared in "ServletContext" and "GenericServlet" writes the
specified message to a servlet log file excluding the name of the servlet.


void log(java.lang.String message, java.lang.Throwable t)
in javax.servlet.GenericServlet
void log(java.lang.String message, java.lang.Throwable t)
in javax.servlet.ServletContext

67.sendError(int , str)

*sendError(int sc, String msg) can throw an IllegalStateException.
*Invoking sendError(int sc, String msg) causes the servlet container
to generate and send an appropriate HTML page to the client browser.
*Invoking sendError(int sc, String msg) causes the response to be committed.

68.When an exception is propagated to the servlet container, the container binds the
propagated exception to the request with the javax.servlet.error.exception attribute name.

req.setAttribute("javax.servlet.error.exception", ex);

69.The Data Access Object design pattern provides a common interface to access data in an underlying database.
This interface hides the details of accessing the database from the calling components. Therefore the
interface can be used to provide uniform database access for multiple types of databases. The interface
also forms a contract between the application code (usually the business tier) and the data access code
(the resource tier). This binding contract simplifies migration of one database to another because the
interface does not change when the underlying data source implementation changes.

70.The "Front Controller" manages the handling of invoking security services such as authentication and
authorisation, delegating business processing and view selection.

71.The business access code also manages the complexity of distributed component lookup and remote access
exception handling thus providing a simplified interface to business services, thus "reducing network traffic".

72.If the getIntHeader method cannot translate the header value to an int, a NumberFormatException is thrown.
If the getDateHeader method cannot translate the header to a Date object, an IllegalArgumentException is

73.The contents of the WEB-INF directory are visible to servlet code using the getResource and
getResourceAsStream method calls on the ServletContext, and may be exposed using the RequestDispatcher

74.The servlet/filter may throw the following errors while processing the requests:-
run time exceptions/ errors
ServletException (or subclasses)
IOExceptions (or subclasses)

75.Request_URI = Context_Path [1] + Servlet_Path [2] + Path_Info [3] + Query_String [4]

Context path
Specifies the path prefix associated with a web application mapping. For a default application
(rooted at the base of the web server's URL namespace), the context path is an empty string.
For a non-default application, the context path starts with a forward slash ('/') but does not
end with one. For example, /my_app_context maps requests that include /my_app_context to the
my_app_context application. The HttpServletRequest.getContextPath() method returns a string
representing the context path.

Servlet path
Specifies the portion of the URL that matches the servlet mapping. This starts with a slash ('/').
The HttpServletRequest.getServletPath() method returns a string representing the servlet path.

Path information.
Comprises the remaining portion of the request path prior to query string parameters. The
HttpServletRequest.getPathInfo() method returns a string representing the remainder of the path.

Query string.
Is contained in the request URL after the path. The HttpServletRequest.getQueryString() method
returns null if the URL does not have a query string. Same as the value of the CGI variable QUERY_STRING.

76.A filter that modifies a response must usually capture the response before it is returned to the client.
The way to do this is to pass a stand-in stream to the servlet that generates the response. The stand-in
stream prevents the servlet from closing the original response stream when it completes and allows the
filter to modify the servlet's response.

77.public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException,ServletException{

public void doTag() throws JspException, IOException {

public int doStartTag() throws JspException {

78.sendError will trigger the <error-page> defined in web.xml.
setStatus() won't. if you use setStatus, you have to provide the content to be returned. that is, you need
out.print(...), etc, and set some HTTP response header if it is necessary. sendError will set all the headers
automatically for setStatus() should only be used for setting normal HTTP response status, not for
error status. for error status you should use sendError().

79.RequestDispatcher cannot forward to an absolute URL (, but sendRedirect can.

80.<%@ include file="..." %>
*file relative
*Content IS parsed by JSP container

<jsp:include page="..." />
*page relative
*static or dynamic
*Content is NOT parsed by JSP container - it is included in place.
*URL to include can be constructed during execution of the page
*An included page CANNOT change the response status code or set headers.

81."Content-Type" attribute value cannot be computed at request time.

82page directive is evaluated ONLY ONCE during translation phase, and not during execution phase.

83.public abstract class JspContext {
public abstract void setAttribute(String name, Object value);
public abstract void setAttribute(String name, Object value, int scope);
public abstract Object getAttribute(String name);
public abstract Object getAttribute(String name, int scope);
public abstract Object findAttribute(String name);
public abstract void removeAttribute(String name);
public abstract void removeAttribute(String name, int scope);
public abstract int getAttributesScope(String name);
public abstract Enumeration getAttributeNamesInScope(int scope);
public abstract JspWriter getOut();

public abstract class PageContext extends JspContext {
public abstract javax.servlet.http.HttpSession getSession();
public abstract java.lang.Object getPage();
public abstract javax.servlet.ServletRequest getRequest();
public abstract javax.servlet.ServletResponse getResponse();
public abstract java.lang.Exception getException();
public abstract javax.servlet.ServletConfig getServletConfig();
public abstract javax.servlet.ServletContext getServletContext();

public abstract void forward(java.lang.String relativeUrlPath)
throws javax.servlet.ServletException,;
public abstract void include(java.lang.String relativeUrlPath)
throws javax.servlet.ServletException,;
public abstract void handlePageException(java.lang.Exception e)
throws javax.servlet.ServletException,;

84.Identifier type Example use Method invoked
JavaBean (colorBean.getRed() ) :-

Array (Array.get(colorArray, 2) ):-

List (colorList.get(2) ) :-

${colorMap[red]} colorMap.get(pageContext.findAttribute("red"))
${colorMap["red"]} colorMap.get("red")

85.For <jsp:useBean>, At least ONE of type and class MUST be present, and it is NOT VALID to
provide both class and beanName.

86.A TLD is invalid if it specifies "JSP" as the value for <body-content> for a tag whose
handler implements the SimpleTag interface.

The eight implicit objects in jsp pages are not visible in declarations.
They are visible in scriplets and expressions.

ie These variables are created ONLY in _jspService() method.

88.Types returned by the ServletContext method getResource(path) and getResourceAsStream(path)
:-URL and InputStream

URL getResource(path);
InputStream getResourceAsStream(path)

path should begin with "/".

89.If there is defined an error page for an exception and a servlet included through a
RequestDispathcer generates an exception,the standard mechanism of calling that error page is not used,
so the calling servlet can process the excpetion.

90.init() throws ServletException
service() throws ServletException and IOException
destroy throws nothing and all doXxx throws ServletException and IOException.

91.Regarding HttpServletResponse's buffer:-
*reset will clear uncommited data including headers and status line
*resetBuffer won't clear headers nor status line

The security model doesn't apply when a servlet uses a RequestDispathcer to include or forward a resource.
Also for error pages (it seems).

It only gets applied when used for filters


Specifies that an application is distributable.

94.When a web application is deployed into a container, the following steps must be performed, in this order,
before the web application begins processing client requests.
1. Instantiate an instance of each event listener identified by a <listener> element in the
deployment descriptor.
2. For instantiated listener instances that implement ServletContextListener, call the
contextInitialized() method.
3. Instantiate an instance of each filter identified by a <filter> element in the deployment
descriptor and call each filter instance�s init() method.
4. Instantiate an instance of each servlet identified by a <servlet> element that includes a
<load-on-startup> element in the order defined by the load-onstartup element values, and call
each servlet instance�s init() method.

95.The file data can be retrieved in the servlet(request) by extracting the ServletInputStream
(for binary file) or the Reader (for text file) from the request.

96.Only the following directives are valid for tag files:
taglib, include, tag, attribute, variable.

97.If body-content is tagdependent, it must implement the BodyTag interface. !!!%^&&#%&#.

98.You cannot throw non runtime business exceptions from the servlet code because the signatures of the
doXXX and service method only permit IOException and ServletException.

99.For a custom tag that can take any number of arbitrary attributes: -
*The tag element in the TLD file for the tag must have
*The class implementing the tag must implement
javax.servlet.jsp.tagext.DynamicAttributes interface.

100.You cannot embed one tag inside another tag's attribute list. (Although you can nest one tag inside

default :- JSP

102.In jsp page if we use request.getSession(false) for a first time access, it will return a valid session
because the session="true" kicks in !!!

103.Using HTTP GET method, you cannot pass BINARY DATA.

104.To send some data to the client in a special character encoding,
setHeader("Content-Encoding", "MyEncoding")

105.URI paths specified are assumed to be URL decoded form.

106.login-config doesn't have mandatory sub-elements.

107.If the argument of the sendRedirect, encodeURL, encodeRedirectURL methods begins with '/', than it is a
relative to the container's root (not to the web application's root).

108.The security-role tag can contain only one role-name tag---------- Is this correct ???

109.The sendRedirect method will throw an IllegalStateException when the reponse header has been sent to
the browser.

110.Business Delegate:-
The Business Delegate design pattern provides a common interface to access different business services
across a network. The interface forms a contract between the application code (usually the presentation
tier) and business service APIs (the business tier). This contract is implemented as a Java object known
as the business delegate object which contains the business service access code that talks to the
underlying business services. This contract simplifies development of the presentation layer because the
business service APIs are abstracted by the interface. Therefore any changes to the business services API
are localised to the business delegate object. Because the interface does not change when business service
access code is modified, the application calling the business delegate object is is unaffected by any
changes to the business service APIs. The business access code also manages the complexity of distributed
component lookup and remote access exception handling thus providing a simplified interface to business
services. The results of remote invocation may also be cached in the business delegate object therefore
reducing the amount of data transmitted across the network.

111.The sendError method changes the content-type to text/html.
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Giju

Brilliant Work !!!
Thanks for making it available to all WCD buddies
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Giju

thank you verymuch for providing this valuable resource!!!

SCJP 1.4
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Really good.

Ranch Hand
Posts: 90
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I just wanted to thank you for your time and tremendous contribution to enabling the rest of us to succeed on this exam. Thank you very much.

Jerry Bustamente
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Giju George,

Realy appreciate ur hard work but little ambiguity about Point (14) that " The context and session scopes are not thread safe, while the request scope is thread safe for all practical purposes because only one thread services one request."

But I got the following reference to Servlet Specification 2.3 version. Please refer SRV. for more specific information.

It states that,
"Implementations of the request and response objects are not guaranteed to be thread safe. This means that they should only be used within the scope of the request handling thread. References to the request and response objects must not be given to objects executing in other threads as the resulting behavior may be nondeterministic."

What is the difference between these statements.

Ranch Hand
Posts: 303
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Giju George,

Thanks a lot for sharing this study notes with us. I have cleared my SCJP 1.4 today and am planning to study for SCWCD.

Thanks once again!
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Excellent notes for preparation.
Posts: 9000
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ranch Hand
Posts: 177
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I came across this nice thread , very useful .
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you very much for providing such useful notes.
Ranch Hand
Posts: 368
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you very much.
This is very useful to SCWCD aspirants.
Ranch Hand
Posts: 124
Eclipse IDE MySQL Database Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Great Job...

Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think the <security-role> tag can contain multipe number of <role-name> tags
Our first order of business must be this tiny ad:
Thread Boost feature
    Bookmark Topic Watch Topic
  • New Topic