Head First Problem

 
Ranch Hand
Posts: 183
This is from Head First Mock Exam -


1. Which statements about HTTP Session are true?

A. Java EE Containers must support HTTP Cookies
B. Java EE Containers must support URL rewriting
C. Java EE Containers must support SSL
D. Java EE Containers must support HTTP sessions, even for clients that do not
support cookies.

THE SERVLET SPEC SAYS -

SRV.7.1 Session Tracking Mechanisms
The following sections describe approaches to tracking a user’s sessions

SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a
client will not accept a cookie, URL rewriting may be used by the server as the basis
for session tracking.
URL rewriting involves adding data, a session ID, to the URL
path that is interpreted by the container to associate the request with a session.
The session ID must be encoded as a path parameter in the URL string. The
name of the parameter must be jsessionid. Here is an example of a URL
containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234



According to the spec - "URL rewriting may be used by the server as the basis
for session tracking." So it's not a requirement. Hence Answer B should be false.
This is also what I understood from the errata for this question.

Am I right? Please correct me if I have misunderstood anything.


ANOTHER THING -

Is a J2EE container required to support SSL (here I do not mean SSL session tracking, just SSL) at all? According to the spec -

All servlet containers must support HTTP as a protocol for requests and
responses, but additional request/response-based protocols such as HTTPS
(HTTP over SSL) may be supported.



So a j2EE container may or may not support SSL ?
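
The `jsessionid` path parameter from the SRV.7.1.3 excerpt quoted above, extracted from a URL and stripped out again (for instance before the URL is written to a log), as an added example that is not part of the original thread or the spec. The class and method names are illustrative, and the second and third sample URLs are constructed.

```java
import java.util.Optional;

public class JsessionidPathParam {
    private static final String PARAM = ";jsessionid=";

    // The path ends where the query ('?') or fragment ('#') begins.
    private static int pathEnd(String url) {
        int end = url.length();
        for (char stop : new char[] {'?', '#'}) {
            int i = url.indexOf(stop);
            if (i >= 0 && i < end) end = i;
        }
        return end;
    }

    // Returns {start, end} of ";jsessionid=<value>" within the path, or null if absent.
    private static int[] span(String url) {
        int limit = pathEnd(url);
        int start = url.indexOf(PARAM);
        if (start < 0 || start >= limit) return null; // absent, or only in query/fragment
        int end = start + PARAM.length();
        // The value runs to the next path parameter, the next segment, or the end of the path.
        while (end < limit && url.charAt(end) != ';' && url.charAt(end) != '/') end++;
        return new int[] {start, end};
    }

    // Session ID carried as a path parameter, if the URL has one.
    static Optional<String> sessionId(String url) {
        int[] s = span(url);
        if (s == null) return Optional.empty();
        return Optional.of(url.substring(s[0] + PARAM.length(), s[1]));
    }

    // The same URL with the session path parameter removed.
    static String withoutSessionId(String url) {
        int[] s = span(url);
        return s == null ? url : url.substring(0, s[0]) + url.substring(s[1]);
    }

    public static void main(String[] args) {
        String[] samples = { // first URL is the spec's example; the other two are constructed
            "http://www.myserver.com/catalog/index.html;jsessionid=1234",
            "http://www.myserver.com/catalog/index.html;jsessionid=1234?item=7",
            "http://www.myserver.com/catalog/index.html?next=;jsessionid=1234",
        };
        for (String url : samples)
            System.out.println(sessionId(url).orElse("(none)") + "  " + withoutSessionId(url));
    }
}
```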
 
Ranch Hand
Posts: 254
What are the answers in the mock exam?
 
Greenhorn
Posts: 15
You could check your concerns at http://oreilly.com/catalog/errata.csp?isbn=9780596516680
 
Simran Dass
Ranch Hand
Posts: 183



In my post I have mentioned that I have consulted the errata.
 
Creator of Enthuware JWS+ V6
Posts: 3411
Hi Simran,

According to the spec - "URL rewriting may be used by the server as the basis
for session tracking." So it's not a requirement. Hence Answer B should be false.
This is also what I understood from the errata for this question.


Yes, you are right. The Servlet spec requires two things:
  • Session tracking through HTTP Cookies
  • An alternative session tracking mechanism when Cookies can not be used

For the second requirement servlet containers mostly implement URL rewriting, but it is not required.

    Is a J2EE container required to support SSL


    No, but creating a servlet container without the possibility of HTTPS (HTTP over SSL) doesn't make sense. (SSL is just the encryption protocol on top of the TCP layer)

    Regards,
    Frits
     
    Simran Dass
    Ranch Hand
    Posts: 183

    Thank you so much Frits. Hey Ankit, you do not reply to my queries these days.



    1) In the question :


    Which statements about HTTP Session support are true?

    A. Java EE Containers must support HTTP Cookies
    B. Java EE Containers must support URL rewriting
    C. Java EE Containers must support SSL
    D. Java EE Containers must support HTTP sessions, even for clients that do not
    support cookies.

    The answer given in Kathy Sierra is A, C and D. I could not understand how options C and D are true.


    2) Another thing - if HTTPS is not a required protocol by J2EE then how come "HTTPS
    Client Authentication (which uses HTTPS)" is REQUIRED, because according to the spec
    only "DIGEST Authentication" is optional? Is HTTPS Client Authentication also optional? I
    do not think so.


    Soooo Confusing


     
    Sheriff
    Posts: 9707

    Hey Ankit you do not reply to my queries these days.


    Yes I'm a little busy these days and my internet is also not working properly.

    The questions that you are asking are a little confusing to most of the people. The servlet spec is not very clear on these things. Like for SSL the spec says

    SRV.12.5.4 wrote:Servlet containers that are not J2EE technology compliant are not required to support the HTTPS protocol.


    So if you look at this statement in the opposite way, J2EE compliant containers are required to support HTTPS (HTTP over SSL), which makes option C correct. As far as option D is concerned, the spec clearly says that containers must support session for clients that don't accept cookies

    SRV.7.1.4 wrote:Web containers must be able to support the HTTP session while servicing HTTP requests from clients that do not support the use of cookies.

     
    Simran Dass
    Ranch Hand
    Posts: 183

    Hi Ankit. Good to see your reply.

    Nice to know that it is confusing to others also; I am not the only one.
     
    Ranch Hand
    Posts: 37
    Hi Simran, I see a lot of questions posted by you. Good to see your posts, which are also helping me & others in clarifying things. Also wondering whether you have any SCWCD 1.5 material. If so, please post it here. Thanks in advance.
     
    Simran Dass
    Ranch Hand
    Posts: 183


    Thanks Shobhan.

    I would have loved to share material with others. I read Head First, specs (sometimes) and
    search the net. Tell me the topic you need material on.
     
    Shobhan Ganta
    Ranch Hand
    Posts: 37
    Hi Simran, I felt custom tags are a little tricky when compared to other topics. I would love to see some notes on that. My email id is gshobhan@gmail.com. Thanks in advance.
     
    Greenhorn
    Posts: 1

    Simran,

    please mail me head first at shayak_c@yahoo.com

    Thanks much!!
     
    Ranch Hand
    Posts: 252

    Simran Dass wrote:

    1. Which statements about HTTP Session are true?

    A. Java EE Containers must support HTTP Cookies
    B. Java EE Containers must support URL rewriting
    C. Java EE Containers must support SSL
    D. Java EE Containers must support HTTP sessions, even for clients that do not
    support cookies.



    So reading the whole thread here, this is what I have understood:

    As per specs, a JEE container:
    Must support HTTP Cookies
    May support URL rewriting
    May support SSL
    Must support HTTP sessions, even for clients that do not support cookies.

    Is that correct?

    Also, how can the last one be a MUST, if the second one is a MAY?

    If not cookies, then URL rewriting is the only way to ensure session tracking (at least in my limited knowledge)
    So how can there be a container that does NOT support URL rewriting and yet, supports HTTP sessions for a non-cookie-supporting client?

    Hope my questions make sense
     
    Frits Walraven
    Creator of Enthuware JWS+ V6
    Posts: 3411

    As per specs, a JEE container:
    Must support HTTP Cookies
    May support URL rewriting
    May support SSL
    Must support HTTP sessions, even for clients that do not support cookies.

    Is that correct?


    Yes, where the SSL MAY could as well be a MUST, see the explanation by Ankit

    Also, how can the last one be a MUST, if the second one is a MAY?


    URL rewriting is mostly used to fulfill the requirement of HTTP sessions for clients that do not support Cookies, but there is room for another implementation (like SSL sessions)

    If not cookies, then URL rewriting is the only way to ensure session tracking (at least in my limited knowledge)
    So how can there be a container that does NOT support URL rewriting and yet, supports HTTP sessions for a non-cookie-supporting client?


    When you develop your own (open source) container, you can think of an (even better) protocol than all the known solutions so far

    Regards,
    Frits
     