More Servlets and JavaServer Pages

Quantified Score

Visualization

Abstract

From the Book:IntroductionSuppose your company wants to sell products online. You have a database that gives the price and inventory status of each item. But, your database doesn't speak HTTP, the protocol that Web browsers use. Nor does it output HTML, the format Web browsers need. What can you do? Once users know what they want to buy, how do you gather that information? You want to customize your site based on visitors' preferences and interests-how? You want to let users see their previous purchases, but you don't want to reveal that information to other visitors. How do you enforce these security restrictions? When your Web site becomes popular, you might want to compress pages to reduce bandwidth. How can you do this without causing your site to fail for the 30% of visitors whose browsers don't support compression? In all these cases, you need a program to act as the intermediary between the browser and some server-side resource. This book is about using the Java platform for this type of program."Wait a second," you say. "Didn't you already write a book about that?" Well, yes. In May of 2000, Sun Microsystems Press and Prentice Hall released my second book, Core Servlets and JavaServer Pages. It was successful beyond everyone's wildest expectations, selling approximately 100,000 copies in the first year, getting translated into Bulgarian, Chinese, Czech, French, German, Hebrew, Japanese, Korean, Polish, Russian, and Spanish, and being chosen by Amazon.com as one of the top five computer programming books of 2001. Even better, I was swamped with requests for what I really like doing: teaching short courses for developers in industry. Despite having to decline most of the requests, I was still able to teach servlet and JSP short courses in Australia, Canada, Japan, the Philippines, and at a variety of U.S. venues. What fun!Since then, use of servlets and JSP has continued to grow at a phenomenal rate. The Java 2 Platform has become the technology of choice for developing e-commerce applications, dynamic Web sites, and Web-enabled applications and service. Servlets and JSP continue to be the foundation of this platform—they provide the link between Web clients and server-side applications. Virtually all major Web servers for Windows, Unix (including Linux), MacOS, VMS, and mainframe operating systems now support servlet and JSP technology either natively or by means of a plugin. With only a small amount of configuration, you can run servlets and JSP in Microsoft IIS, iPlanet/Netscape Enterprise Server, the Apache Web Server, IBM WebSphere, BEA WebLogic, and dozens of other servers. Performance of both commercial and open-source servlet and JSP engines has improved significantly. However, the field continues to evolve rapidly. For example:The official servlet and JSP reference implementation is no longer developed by Sun. Instead, it is Apache Tomcat, an open-source product developed by a team from many different organizations.Use of Web applications to bundle groups of servlets and JSP pages has grown significantly. Portable mechanisms for enforcing Web application security have started to displace the server-specific mechanisms that were formerly used. Version 2.3 of the servlet specification was released (August 2001). New features in this specification include servlet and JSP filters, application life-cycle event handlers, and a number of smaller additions and changes to existing APIs and to the deployment descriptor (web.xml). Version 1.2 of the JSP specification was released (also August 2001). This version lets you bundle event listeners with tag libraries, lets you designate XML-based programs to check the syntax of pages that use custom tags, and supplies interfaces that let your custom tags loop more efficiently and handle errors more easily. JSP 1.2 also makes a number of smaller changes and additions to existing APIs and to the TLD file format.XML has become firmly entrenched as a data-interchange language. Servlet and JSP pages use it for configuration files. Tag library validators can use it to verify custom tag syntax. JSP pages can be represented entirely in XML.Throughout 2000 and 2001, the JSR-052 expert group put together a standard tag library for JSP. In November of 2001 they released early access version 1.2 of this library, called JSTL (JSP Standard Tag Library). This library provides standard tags for simple looping, iterating over a variety of data structures, evaluating content conditionally, and accessing objects without using explicit scripting code.Whew. Lots of changes. The new features are very useful, but is there a single place where you can learn about all of them? Here! That's why I wrote this book: to show developers how to make use of all of these new features. If you aren't familiar with basic servlet and JSP development, don't worry. I provide a thorough review at the beginning of the book. Who Should Read This BookThis book is aimed at two main groups.The first group is composed of people who are familiar with basic servlet and JSP development and want to learn how to make use of all the new capabilities I just described. However, if you are new to this technology, there is no need to go away and learn older servlet and JSP versions and then come back to this book. Assuming you are familiar with the basics of the Java programming language itself, you fit into the second main group for whom this book is designed. For you, I start the book with a detailed review of the foundations of servlet and JSP programming, set in the context of the servlet 2.3 and JSP 1.2 specifications. Furthermore, when space prevents coverage of some of the finer points of basic development, I cite the specific sections of Core Servlets and JavaServer Pages that provide details and put those sections online at http://www.moreservlets.com.Although this book is well suited for both experienced servlet and JSP programmers and newcomers to the technology, it assumes that you are familiar with basic Java programming. You don't have to be an expert Java developer, but if you know nothing about the Java programming language, this is not the place to start. After all, servlet and JSP technology is an application of the Java programming language. If you don't know the language, you can't apply it. So, if you know nothing about basic Java development, start with a good introductory book like Thinking in Java, Core Java, or Core Web Programming. Come back here after you are comfortable with at least the basics.Book DistinctivesThis book has four important characteristics that set it apart from many other similar-sounding books:Integrated coverage of servlets and JSP. The two technologies are closely related; you should learn and use them together.Real code. Complete, working, documented programs are essential to learning; I provide lots of them.Step-by-step instructions. Complex tasks are broken down into simple steps that are illustrated with real examples.Server configuration and usage details. I supply lots of concrete examples to get you going quickly.Integrated Coverage of Servlets and JSPOne of the key philosophies behind Core Servlets and JavaServer Pages was that servlets and JSP should be learned (and used!) together, not separately. After all, they aren't two entirely distinct technologies: JSP is just a different way of writing servlets. If you don't know servlet programming, you can't use servlets when they are a better choice than JSP, you can't use the MVC architecture to integrate servlets and JSP, you can't understand complex JSP constructs, and you can't understand how JSP scripting elements work (since they are really just servlet code). If you don't understand JSP development, you can't use JSP when it is a better option than servlet technology, you can't use the MVC architecture, and you are stuck using print statements even for pages that consist almost entirely of static HTML.In this book, an integrated approach is more important than ever. Web applications let you bundle both servlets and JSP pages into a single file or directory. The custom URLs, initialization parameters, preload settings, and session timeouts of the deployment descriptor apply equally to servlets and JSP pages. Declarative security applies equally to both technologies. The new filtering capability applies to both. Event listeners apply to both. The jx portion of the JSP standard tag library (JSTL) is mostly predicated on the assumption that the JSP page is presenting data that was established by a servlet. Servlets and JSP go together!Real CodeSure, small code snippets are useful for introducing concepts. The book has lots of them. But, for you to really understand how to use various techniques, you also need to see the techniques in the context of complete working programs. Not huge programs: just ones that have no missing pieces and thus really run. I provide plenty of such programs, all of them documented and available for unrestricted use at www.moreservlets.com.Step-by-Step InstructionsWhen I was a graduate student (long before Java existed), I had an Algorithms professor who explained in class that he was a believer in step-by-step instructions. I was puzzled: wasn't everyone? Not at all. Sure, most instructors explained simple tasks that way, but this professor took even highly theoretical concepts and said "first you do this, then you do that," and so on. The other instructors didn't explain things this way; neither did my textbooks. But, it helped me enormously.If such an approach works even for theoretical subjects, how much more should it work with applied tasks like those described in this book? Server Configuration and Usage DetailsWhen I first tried to learn server-side programming, I grabbed a couple of books, the official specifications, and some online papers. Almost without fail, they said something like "since this technology is portable, we won't cover specifics of any one server." Aargh. I couldn't even get started. After hunting around, I downloaded a server. I wrote some code. How did I compile it? Where did I put it? How did I invoke it? Servlet and JSP code is portable. The APIs are standardized. But, server structure and organization are not standardized. The directory in which you place your code is different on ServletExec than it is on JRun. You set up SSL differently with Tomcat than you do with other servers. These details are important.Now, I'm not saying that this is a book that is specific to any particular server. I'm just saying that when a topic requires server-specific knowledge, it is important to say so. Furthermore, specific examples are helpful. So, when I describe a topic that requires server-specific information like the directory in which to place a Web application, I first explain the general pattern that servers tend to follow. Then, I give very specific details for three of the most popular servers that are available without cost for desktop development: Apache Tomcat, Macromedia/Allaire JRun, and New Atlanta ServletExec.How This Book Is OrganizedThis book consists of five parts:Part I: The Basics. Server setup and configuration. Basic servlet programming. Basic JSP programming. Part II: Web Applications. Using and deploying Web applications. Controlling behavior with web.xml. A larger example. Part III: Web Application Security. Declarative security. Programmatic security. SSL.Part IV: Major New Servlet and JSP Capabilities. Servlet and JSP filters. Application life-cycle event listeners.Part V: New Tag Library Capabilities. New tag library features in JSP 1.2. The JSP Standard Tag Library (JSTL).Part I: The BasicsServer setup and configuration. Downloading the JDK. Obtaining a development server.Configuring and testing the server.Deploying and accessing HTML and JSP pages.Setting up your development environment.Deploying and accessing servlets.Simplifying servlet and JSP deployment.Basic servlet programming. The advantages of servlets over competing technologies.The basic servlet structure and life cycle.Servlet initialization parameters.Access to form data.HTTP 1.1 request headers, response headers, and status codes.The servlet equivalent of the standard CGI variables.Cookies in servlets.Session tracking.Basic JSP programming. Understanding the benefits of JSP.Invoking Java code with JSP expressions, scriptlets, and declarations.Structuring the servlet that results from a JSP page.Including files and applets in JSP documents.Using JavaBeans with JSP.Creating custom JSP tag libraries.Combining servlets and JSP: the Model View Controller (Model 2) architecture.Part II: Web ApplicationsUsing and deploying Web applications. Registering Web applications with the server.Organizing Web applications.Deploying applications in WAR files.Recording Web application dependencies on shared libraries.Dealing with relative URLs.Sharing data among Web applications.Controlling Web application behavior with web.xml. Customizing URLs.Turning off default URLs.Initializing servlets and JSP pages.Preloading servlets and JSP pages.Declaring filters for servlets and JSP pages.Designating welcome pages and error pages.Restricting access to Web resources.Controlling session timeouts.Documenting Web applications.Specifying MIME types.Locating tag library descriptors.Declaring event listeners.Accessing J2EE Resources.Defining and using a larger Web application.The interaction among components in a Web application.Using sessions for per-user data.Using the servlet context for multiuser data.Managing information that is accessed by multiple servlets and JSP pages.Eliminating dependencies on the Web application name.Part III: Web Application SecurityDeclarative security. Understanding the major aspects of Web application security.Authenticating users with HTML forms.Using BASIC HTTP authentication.Defining passwords in Tomcat, JRun, and ServletExec.Designating protected resources with the security-constraint element.Using login-config to specify the authentication method.Mandating the use of SSL.Configuring Tomcat to use SSL.Programmatic security. Combining container-managed and programmatic security.Using the isUserInRole method.Using the getRemoteUser method.Using the getUserPrincipal method.Programmatically controlling all aspects of security.Using SSL with programmatic security.Part IV: Major New Servlet JSP CapabilitiesServlet and JSP filters. Designing basic filters.Reading request data.Accessing the servlet context.Initializing filters.Blocking the servlet or JSP response.Modifying the servlet or JSP response.Using filters for debugging and logging.Using filters to monitor site access.Using filters to replace strings.Using filters to compress the response.Application life-cycle event listeners.Understanding the general event-handling strategy.Monitoring servlet context initialization and shutdown.Setting application-wide values.Detecting changes in attributes of the servlet context.Recognizing creation and destruction of HTTP sessions.Analyzing overall session usage.Watching for changes in session attributes.Tracking purchases at an e-commerce site.Using multiple cooperating listeners.Packaging listeners in JSP tag libraries.Part V: New Tag Library CapabilitiesNew tag library features in JSP 1.2. Converting TLD files to the new format.Bundling life-cycle event listeners with tag libraries.Checking custom tag syntax with TagLibraryValidator.Using the Simple API for XML (SAX) in validators.Handling errors with the TryCatchFinally interface.Changing names of method return values.Looping without creating BodyContent.Declaring scripting variables in the TLD file.The JSP Standard Tag Library (JSTL).Downloading and installing the standard JSP tag library.Reading attributes without using Java syntax.Accessing bean properties without using Java syntax.Looping an explicit number of times.Iterating over various data structures.Checking iteration status.Iterating with string-based tokens.Evaluating expressions conditionally.Using the JSTL expression language to set attributes, return values, and declare scripting variables.About the Web SiteThe book has a companion Web site at http://www.moreservlets.com/. This free site includes:Documented source code for all examples shown in the book; this code can be downloaded for unrestricted use.Up-to-date download sites for servlet and JSP software.Links to all URLs mentioned in the text of the book.Information on book discounts.Reports on servlet and JSP short courses.Book additions, updates, and news.