SCWCD Notes Building JSP Pages Using Standard Actions -<jsp:useBean> attributes: id, scope, class, type, beanName
-<jsp:useBean> class and beanName attributes cannot be used together.
-<jsp:useBean> MUST have class OR beanName for bean to be instantiated
-<jsp:useBean class=�com.Book�> - Book MUST have a no args constructor
<jsp:useBean id=�account� class=�com.Account�>
- Will only go in here if the bean is not found
</jsp:useBean>
-<jsp:setProperty name=�person� property=�firstname� param=�fname� />
-<jsp:setProperty> the property type MUST be
String or primitive - what will happen
-<jsp:useBean class="com.bookstore.Book" type="com.bookstore.MusicCD" id="bookorcd" />, if Books DOES NOT extend MusicCD class - code will not compile
Building JSP Pages Using Tag Library -<c:url value="value" [context="context"] [var="varName"] [scope="{page|request|session|application}"]/> - var is optional use a variable to see encoded URL.
No body:
<a href="<c:url value='/cart.jsp?userid=jjrun1� />">View Cart</a>
With body:
<c:url value="/content/search.jsp">
<c

aram name="keyword" value="${searchTerm}"/>
<c

aram name="date" value="24/02/2004"/>
-<jsp.directive taglib /> DOES NOT EXIST as tag library info is provide in <jsp:root> but there is a scriplets taglib directive <%@ taglib=�/WEB-INF/tags/cool� prefix=�cool� %>
-escapeXML=�false� - any HTML tags are evaluated and the default is TRUE
Building JSP Pages Using the Expression Language -11 EL implicit objects: pageScope, requestScope, sessionScope, applicationScope, param, paramValues, header, headerValues, cookie, initParam and pageContext.
-header implements a map of name and String value.
-headerValues implements a map of name and String[] of the values.
-Differences between EL implicit objects and JSP implicit objects:
oEL pageScope vs. JSP page
oEL requestScope vs. JSP request
oEL sessionScope vs. JSP session
oEL applicationScope vs. JSP application
-EL can �read� bean properties BUT CANNOT change/set properties - ${product.pid}=${param.id}
-music[Genre] container finds the Genre bound attribute and uses the value as the key into a map
-music[�Genre�] use the value �Genre� as the key into a the music map.
-<c:forEach> can iterate over Collections and Maps - uses p.key and p.value.
Building a Custom Tag Library
-Only the 5 directives are valid for tag files: taglib, include, tag, attribute, variable.
-No such directive: import.
-<calc:insurance age="<%=request.getParameter("age")%>"></calc:insurance> - can only dynamic attribute if <attribute> sub element <rtexprvalue>true</rtexprvalue> is present
-<body-content> options
oEMPTY - MUST not have a body
oSCRIPTLESS - NO scripting elements, but can have template text and EL
oTAGDEPENDENT - body is treated as plain text, so EL is not evaluated
oJSP - tag body can have anything including scriplets
-SimpleTag does not support <body-content> tag JSP value, as SimpleTag is translated in JspFragment which does not support scriplets.
-<taglib-location>lib/graphlib.jar</taglib-location> - if does not start with �/� the container will add /WEB-INF/
Session Management -response.encodeURL(): is used to encode a URL hyperlink
-response.encodeRedirectURL(): is used to redirect the request to a different URL
-session.setMaxIntactiveIntetval() uses seconds
o0 = current session is invalidated
o-1 = current session is never invalidated - inconsistencies between 0 and -1
-<session-time> uses minutes
o0 or -1 causes all sessions never to be invalidated
The JSP Technology Model <% int i = 0;
while(i < 5) {
"Hello World"
i++;
} %>
This will not compile because of the dangling "Hello world".
-9 implicit objects: out, request, response, session, application, config, exception, pageContext and page.
-<%=�� %> compiles to out.println(��);
-page refers to current
servlet whereas pageContext refers
<%
response.getOutputStream().print(�Hello �);
out.println(�World�);
%>
Using both OutputStream and JspWriter will throw runtime exceptions
-3 types of directives: page, include and taglib.
-Lifecycle: translated, compiled, loaded, instantiated, jspInit, _jspService, jspDestroy
<html>
<body>
<%! int MIN; %>
Value of MIN is: <% = MIN %> - WONT compile because of the space between <% and =.
</body>
</html>
-request.getSession(false) would usually return NULL for first request HOWEVER in the case of JSP pages the session is automatically created by default. I.e. <%@ page session="true" %>
The Structure and Deployment of Web Applications -API
ojavax.servlet.Servlet interface
getServletConfig(), getServletContext()
ojavax.servlet.GenericServlet class
getInitParameter(), getInitParameterNames()
ojavax.servlet.http.HttpServlet class
service(), doGet(), doPost()
-URI: /myapp/account/*
o/myapp - request.getContextPath()
o/account - request.getServletPath()
o/* - getPathInfo()
-Directory match: MUST start with �/� and CANNOT have an extension
-Extension match: MUST start with �*� and doesn�t have to have an extension �*.*� is valid
Servlet Technology Model -SingleThreadModel does not ensure
thread safety as developer could create thread in doXXX() method which could access instance members or static fields.
-request.getDateHeader(�Accept�) - throws an IllegalArgument exception, header �Accept� contains string like �image/gif� which cannot be parsed.
-The default implementation of HttpServlet class's doHead() method calls the doGet() method.
-Distributed environment: separate non-default ServletContext instance per JVM and one default ServletContext will be present on one of the JVMs.
-POST is used to send binary data to a servlet for processing.
-If service() is overridden an NO super.service() then container WON�T be able to determine which doXXX method to call and will display a BLANK page.
The Web Container Model
-request.getRequestDispatcher(�cart.jsp�); - relative path NO forward slash
-getServletContext().getRequestDispatcher(�/cart.jsp�); - MUST use forward slash
-InputStream in = getServletContext().getResourceAsStream(�/WEB-INF/data.zip�); - MUST use forward slash
-Request and Response API
ojavax.servlet.http.HttpServletRequest
getHeader(), getMethod(), getSession(), getParameter(), getParameterValues(), getParameterNames()
ojavax.servlet.http.HttpServletResponse
addCookie(), addHeader(), encodeURL(), encodeRedirectURL(), setStatus(), sendError()
-Attribute & Listeners API
ojavax.servlet.http.ServletRequestListener
requestInitialized(), requestDestroyed()
ojavax.servlet.http.ServletRequestAttributeListener
attributeAdded(), attributeRemoved(), attributeReplaced()
ojavax.servlet.http.HttpSessionListener
sessionCreated(), sessionDestroyed()
ojavax.servlet.http.HttpSessionAttributeListener
attributeAdded(), attributeRemoved(), attributeReplaced()
ojavax.servlet.http.HttpSessionBindingListener
valueBound(), valueUnbound()
ojavax.servlet.http.HttpSessionActivationListener
sessionDidActivate(), sessionWillPassivate()
ojavax.servlet.http.ServletContextListener
contextInitialized(), contextDestroyed()
ojavax.servlet.http.ServletContextAttributeListener
attributeAdded(), attributeRemoved(), attributeReplaced()
-HttpSessionBindingListener is NOT defined in deployment descriptor
-HttpSessionBindingListener notifies attribute itself when added or removed to session, HttpSessionAttributeListener does not notify attribute added or removed is notifies the registered listener
-session.invalidated() will invoke sessionDetroyed() THEN valueUnbound()
-PrinterWriter is response.getWriter() to print() or println() or printf()
-ServletOutputStream is response.getOutputStream() to only write()
-getRootCause() is the ServletException method used to retrieve business exception
-invoke response.sendError() then out.println() WILL NOT cause an error and data will be ignored.
-Cannot throw check exceptions in doXXX, method only permits ServletException and IOException.
Web Application Security -Http spec - BASIC and DIGEST
-J2EE spec - FORM and CLIENT-CERT
-BASIC plain-text; security mechanisms utilizes the concept of a realm
-DIGEST encrypted; security mechanism is optional for
J2EE container to implement
-FORM plain-text
-CLIENT-CERT encrypted
-Arranged in increasing strength: FORM, BASIC, DIGEST then CLIENT-CERT
[ December 23, 2008: Message edited by: Justin Rundle ]