Win a copy of Spark in Action this week in the Open Source Projects forum!

Phillipe Eduardo Lemos

+ Follow
since Aug 10, 2007
Phillipe likes ...
C++ Java Ubuntu
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Phillipe Eduardo Lemos


The answer for this question is scope. In EL API the VariavelResolver object search for name in pagecontext scope, request scope, session scope, application scope and returns the first ocurrence
(See JSP specification 2.0 pag. 1-75 session 2.5 - The scope of scriptlet code is local to _jspService. But if
you put the scripting variable in some of scope where EL look for then it's work. Try the follow code

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri=""; %>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">;
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
String[] cities = {"Rio de Janeiro", "New York", "London","Japan"};
pageContext.setAttribute("cities", cities);
<select id="Cidades" name="cidades"
<c:forEach begin="0" end="3" var="i">
Hi Aniruddhaa jadhaoa

You can't pass more than one value to a servlet init parameter. But the best way is to follow the advise of Kathir Renu with comma separator, then you can
handle in servlet code and quick slipt values with StringTokenizer or using another way.
Some like this


Phillipe Lemos
Hi Mamadou Tour�

The method setMaxInactiveInterval set the time in seconds between the clients requests before sevlet container invalidate the session. The negative values indicate that session will never timeout. If you want to invalidate the session it has two possibilities
a) call invalidate method of HttpSession.
b) set setMaxInactiveInterval to zero.

The method setMaxAge set the maximum age of cookie in seconds. The positive values indicate that the cookie will expire after that many seconds have passed. The negative value means that the cookie
it's not stored persistently and will be deleted when the browser exits. If the value is zero the cookie will delete.

Phillipe Lemos
Hi Mamadou Tour�

It's wrong. He mixes the concepts of authentication and authorization, and
in the first part of chapter 12 he didn't describe the conceptions listed.

I didn't see the benefits of use the securety-role-ref in the document.(see last paragraph of pag. 91 of servlet specification 2.4 or pag. 87 of servlet specification 2.5).

He has mentioned that restrictions were applied to request made outside the webapp. But he didn't mention when the container didn't apply the security model . "The security model doesn't apply when a servlet uses the RequestDispacher to invoke a static resource or servlet using a include or a forward." (See sevlet specicifaction session 12.2)

In session auth-constraint combinations, he mentioned that list of users, but the correct word is role, because we don't apply constraint to a user.

When he described the programatic authentication he mentioned three methods of HttpServletRequest interface. The title it's not programatic authentication, but programatic security. And the use
of getUserPrincipal provide the principal name of current user and returns object.

In session Confidentiality he puts :


It's wrong. The transport garantee is a nested tag under <user-data-constrant>. This tag is responsible for constrain request be recived over a protected transport layer connection
(see servlet spec 2.4 on session 12.8 or servlet spec 2.5 session 12.7)






The conception of value NONE it's incomplete.
NONE - indicates that the container must accept the constrained request whe recived on any connection including unprotected one.

Phillipe Lemos
Hi Ranjan

The function of TLD file is provide tag library information to JSP container. In this case the tags are declared
in tag files in the same directory of TLD file. Look at JSP specification 2.0
at for more detail.

Phillipe Lemos
Hi Ranjan

You can put in two places.

1) META_INF/tags (or a subdirectory of /META-INF/tags) in a JAR file in WEB-INF/lib.

2) WEB-INF/tags or a subdirectory of web app.

See section JSP 8.4.1 of JSP specification 2.0 (

Phillipe Lemos
Hi Anut

It�s works.
You have wrote that browser prompt the login/password and you entered these information. But you have gotten 401 error after some attempts. So, if the configuration was wrong, probably the app didn�t start, and you cound see an error at tomcat�s log.
This error message, 401, represents a wrong user and/or password entered by user.(See at, for http messages)
To see the headers informations use LiveHttpHeaders ( for Mozila Firefox.

Phillipe Lemos