Advanced JavaServer Pages


  • Design and implement flexible, extensible, and maintainable applications with servlets and JSP technology
  • Master powerful authentication and internationalization techniques
  • Learn how to integrate industry-standard XML and XSLT with JSP technology
  • Use JSP technology-based ...
See more details below
Available through our Marketplace sellers.
Other sellers (Paperback)
  • All (20) from $1.99   
  • New (4) from $8.64   
  • Used (16) from $1.99   
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any coupons and promotions
Seller since 2005

Feedback rating:



New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

2001-05-29 Paperback New Never Used-No Marks or Highlights-Ships with Tracking # (has publisher's stamp on back cover but otherwise perfect)

Ships from: Zephyrhills, FL

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Seller since 2014

Feedback rating:


Condition: New
Brand New Item.

Ships from: Chatham, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Seller since 2005

Feedback rating:


Condition: New
2001 Trade paperback New. No dust jacket as issued. NEW FROM PRENTICE HALL W/ PERFECT PAGES! SHIPS PROMPTLY WITH FREE DELIVERY TRACKING! Returns are accepted as per Alibris ... guidelines. Trade paperback (US). Glued binding. 512 p. Java 2 Platform, Enterprise Edition Series. Audience: General/trade. Read more Show Less

Ships from: Friendswood, TX

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Seller since 2014

Feedback rating:


Condition: New
Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Sort by
Sending request ...


  • Design and implement flexible, extensible, and maintainable applications with servlets and JSP technology
  • Master powerful authentication and internationalization techniques
  • Learn how to integrate industry-standard XML and XSLT with JSP technology
  • Use JSP technology-based templates to develop robust applications from modular components

Advanced JavaServer Pages delivers:

  • Web application design techniques based on JSP and servlets technology
  • Proven strategies for achieving enterprise-class robustness and scalability with JSP technology
  • Expert guidance on implementing JSP technology-based applications with reusable components

To fully exploit the power of JavaServer Pages technology in Web application development, based on J2EE technology, you need to master the sophisticated server-side techniques that David Geary presents in Advanced JavaServer Pages.

Geary tackles JavaServer Pages technology with the same exhaustive, authoritative approach that made his Graphic Java books into worldwide best sellers. He presents in-depth coverage of advanced topics including:

  • Implementing custom JSP technology tags
  • Designing scalable and extensible Web applications
  • Using authentication to build secure JSP technology-based applications
  • Internationalizing JSP technology-based applications for global environments

Advanced JavaServer Pages features detailed chapters on internationalization, authentication, JSP technology templates, design, and XML. It concludes with a comprehensive case study that ties together key topics developed in thebook and demonstrates how to integrate advanced techniques based on JSP technology. This book is a must-have resource for every developer of Java technology creating server-side applications with JSP technology and servlets.

Read More Show Less

Product Details

  • ISBN-13: 9780130307040
  • Publisher: Pearson Education
  • Publication date: 5/29/2001
  • Series: Sun Microsystems Press Series
  • Edition number: 1
  • Pages: 508
  • Product dimensions: 7.00 (w) x 9.22 (h) x 1.36 (d)

Meet the Author

David Geary was lead engineer for the user interface toolkit for JavaSoft's Java Management API. Currently an independent Java Consultant, his best-selling books include Graphic Java, Volumes 1 and 2.
Read More Show Less

Read an Excerpt

Chapter 9: Security

Computer security used to be the domain of hackers and their antagonists, but with the advent of the World Wide Web, it's become an issue for the rank and file setting up shop on the net. Because of this growing awareness, software developers today are far more likely to deal with security than were their counterparts of the late 20th century.

Many books have been written about the wide ranging topic of computer security, including Java security, and this chapter is a substitute for none of them. This discussion is restricted to protecting web application resources with the authentication mechanisms described in the servlet specification.1

Servlet Authentication

Servlet authentication looks simple:
1. A user tries to access a protected resource, such as a JSP page.

2. If the user has been authenticated, the servlet container makes the resource available; otherwise, the user is asked for a username and password.

3. If the name and password cannot be authenticated, an error is displayed and the user is given the opportunity to enter a new username and password.

The steps outlined above are simple, but vague. It's not apparent who asks for a username and password, who does the authentication, how it's performed, or even how the user is asked for a username and password. Those steps are unspecified because the servlet specification leaves them up to applications and servlet containers. This vagueness in the servlet specification has an effect on portability; see "Portability" on page 254 for more information.

Principals and Roles

In security-speak, the user in the steps listed on page 251 is a principal. Principals are named entities that can represent anything; most often, they represent individuals or corporations.

Principals can fill one or more roles; for example, a customer could also be an employee. Security constraints in WEB-INF/web.xml associate roles with protected resources, like this:

<!-- web resources that are protected -->
<web-resource-name>Protected Resource</web-resource-name>
<!-- role-name indicates roles that are allowed
to access the web resources specified above -->
<!-- web resources that are protected -->
<web-resource-name>Protected Resource2</web-resource-name>
<!-- role-name indicates roles that are allowed
to access the web resources specified above -->

Two security constraints are specified above that restrict access to /page_1.jsp and /page_2.jsp to principals that are in roles customer or employee, respectively.

Security constraints, like those listed above, associate resources with roles. It's up to servlet containers or applications to associate roles with principals; for example, with Tomcat, you edit a tomcat-users.xml file that has entries like this:

<user name="rwhite" password="tomcat" roles="customer", "other"/>

Here, rwhite has a password of tomcat and can fill roles customer or other; thus, rwhite can access /page_1.jsp, but not /page_2.jsp according to the security constraints listed above.

Other servlet containers provide different mechanisms for associating principals with roles; for example, "Resin" on page 264 illustrates how it's done with Resin for basic authentication.

Table 9-1 lists HttpServletRequest methods that allow you to retrieve information about principals and roles....

...The servlet API does not provide corresponding setter methods for the getter methods listed in Table 9-1; therefore, principals and roles can only be set by servlet containers, meaning that applications cannot set them. This can be a consideration if you implement programmatic authentication—see "Programmatic Authentication" on page 271 for more information.

Table 9-2 lists other ServletRequest methods that provide security information....

...Like the methods listed in Table 9-1 on page 253, the servlet API does not provide corresponding setter methods for those methods listed in Table 9-2. This means that the authentication type and transport scheme can only be set by servlet containers.

Declarative Authentication

Declarative authentication requires no programming because authentication is declared with XML tags in a deployment descriptor and implemented by the servlet container. Declarative authentication is attractive because it's easy, but it's not as flexible as other approaches that require you to write code. At one end of the spectrum is declarative authentication, with 100% servlet container implemented and 0% application code; at the other end is programmatic authentication, with 0% servlet container and 100% application code.

Most servlet containers provide access to the middle of that spectrum by providing hooks so that you can replace their default authentication mechanism. "Basic Authentication" on page 256 provides an example of declarative authentication, "Customizing Authentication" on page 263 illustrates customizing authentication, and programmatic authentication is discussed in "Programmatic Authentication" on page 271.


The servlet specification leaves enough security details unspecified that servlet containers must fill in the gaps with nonportable functionality. For example, the servlet specification does not specify a default authentication mechanism, so servlet containers implement their own; for example, Tomcat uses an XML file to specify usernames and passwords, whereas Resin requires you to implement an authenticator....
1. This chapter is based upon the 2.2 Servlet specification; for specification links, see
Read More Show Less

Table of Contents

Preface ..... xiii
Acknowledgments ..... xix
1: Custom Tag Fundamentals ..... 2
Using Custom Tags—The JSP File ..... 5
Defining Custom Tags—The TLD ..... 6
Implementing Custom Tags—Tag Handlers ..... 7
Specifying the TLD in WEB-INF/web.xml ..... 10
<taglib> and <tag> ..... 11
The Tag Life Cycle ..... 12
Thread Safety ..... 13
Tags with Attributes ..... 14
Accessing Page Information ..... 20
Error Handling ..... 22
The Tag Package ..... 23
The Tag Interface ..... 25
The TagSupport Class: Ancestors, Values, and IDs ..... 26
Tags with Bodies ..... 27
Conclusion ..... 29
2: Custom Tag Advanced Concepts ..... 32
Body Tag Handlers ..... 34
Iteration ..... 36
Scripting Variables ..... 41
Body Content ..... 46
Nested Tags ..... 57
Conclusion ..... 59
3: HTML Forms ..... 60
Forms with Beans ..... 61
Validation ..... 69
A Form Framework ..... 77
Custom Tags ..... 93
Conclusion ..... 95
4: Templates ..... 96
Encapsulating Layout ..... 98
Optional Content ..... 103
Role-based Content ..... 106
Defining Regions Separately ..... 108
Nesting Regions ..... 110
Extending Regions ..... 112
Combining Features ..... 114
Region Tag Implementations ..... 116
Conclusion ..... 130
5: Design ..... 132
Model 1 ..... 134
Model 2: An MVC Approach ..... 135
A Model 2 Example ..... 137
Conclusion ..... 152
6: A Model 2 Framework ..... 154
A Model 2 Framework ..... 155
Refining the Design ..... 165
The Importance of Custom Tags ..... 175
JSP Scripts ..... 178
Conclusion ..... 180
7: Event Handling and Sensitive Form Resubmissions ..... 182
Event Handling for a Model 2 Framework ..... 184
Sensitive Form Resubmissions ..... 190
Conclusion ..... 205
8: I18N ..... 206
Unicode ..... 208
Charsets ..... 209
Locales ..... 211
Resource Bundles ..... 213
Multiple Resource Bundles ..... 221
Formatting Locale-Sensitive Information ..... 224
Browser Language Preferences ..... 233
Custom Tags ..... 237
Conclusion ..... 248
9: Security ..... 250
Servlet Authentication ..... 251
Basic Authentication ..... 256
Digest Authentication ..... 259
Form-Based Authentication ..... 260
SSL and Client Certificate Authentication ..... 263
Customizing Authentication ..... 263
Web Application Security Elements ..... 269
Programmatic Authentication ..... 271
Conclusion ..... 281
10: Databases ..... 282
Database Creation ..... 284
Data Sources ..... 287
Database Custom Tags ..... 287
Connection Pooling ..... 302
Prepared Statements ..... 314
Transactions ..... 320
Scrolling Through Result Sets ..... 324
Conclusion ..... 329
11: XML ..... 330
Generating XML ..... 333
Postprocessing XML ..... 339
Parsing XML ..... 341
Transforming XML ..... 374
Using XPath ..... 384
Conclusion ..... 389
12: A Case Study ..... 390
The Fruitstand ..... 392
The Model 2 Framework ..... 416
Internationalization ..... 438
Authentication ..... 443
HTML Forms ..... 455
Sensitive Form Resubmissions ..... 464
SSL ..... 465
XML and DOM ..... 466
Conclusion ..... 469
A: Servlet Filters ..... 470
A Servlet Filter Example ..... 472
Conclusion ..... 474
Index ..... 477
Read More Show Less


Shortly after the Swing volume of Graphic Java was published in March 1999, I became aware of the mass exodus from client-side Java to server-side Java. Because I make a living writing books, I took that exodus very seriously, so I began exploring server-side Java in search of a technology that would be appropriate for my next book. At first, I was enamored with XML, XSLT, and Java, and I spent a good deal of time experimenting with those technologies. But as exciting as those technologies are, it seemed to me that they were on the periphery of developing web applications, and I wanted something that was directly involved in the creation of web applications. Then I discovered servlets.

To be honest, I wasn't too excited about servlets. Were software developers really going to create user interfaces by generating HTML with print statements from the guts of some servlet? I knew of at least one software developer that was not. Since 1984, I've had the good fortune to develop software by using a number of object-oriented languages and very cool user interface toolkits. I've developed applications in Smalltalk, Eiffel, and NeXTSTEP, and it seemed to me that developing applications with HTML— especially HTML manually generated from servlets—was akin to trading in a Ferrari for a Yugo. Then I discovered JSP.

Although back in 1999 JSP was in its infancy, it was easy to see its potential. Here was a way to mix Java with HTML, which opened the door to all kinds of interesting possibilities. And in the Future Directions section of the JSP 1.0 specification, I saw something that really caught my eye: A portable tag extension mechanism is being considered for the JSP 1.1 specification. This mechanism permits the description of tags that can be used from any JSP page. Wow. With custom tags you could encapsulate Java code, which would essentially allow you to create custom components, in the form of tags, that could be used in conjunction with HTML. From then on, I knew that my next book would be about JSP.

So I started to write an introductory JSP book, and I actually wrote the first chapter of that book before I realized two things. First, there was going to be a glut of introductory JSP books, and I did not want to compete against all of those books. Second, and most important, that first chapter was boring, and I hate to read boring books, let alone write them. So, I decided to write this book instead.

What This Book Is About

As its name suggests, this book is an advanced treatment of JavaServer Pages. The central theme of this book is the design and implementation of flexible, extensible, and maintainable applications with beans, servlets, and JSP.

This book begins where most introductory JSP books leave off, by showing you how to implement JSP custom tags. The ability to create custom tags is arguably JSP's greatest strength because it allows software developers and page authors to work in parallel with few dependencies. Subsequent chapters cover HTML forms, JSP templates, Model 1 and Model 2 architectures, a simple Model 2 framework, handling events, internationalization, security, databases, and XML. This book concludes with a comprehensive case study that shows how to use the techniques discussed in this book to develop a nontrivial web application.

The Servlet and JSP APIs This Book Depends Upon

The code in this book depends upon the Servlet 2.2 and JSP 1.1 specifications. Although the Servlet 2.3 and JSP 1.2 specifications were first released in draft form in November 2000, as this book went to press they were still in a state of flux. Because servlet filters are arguably the most important addition to the Servlet 2.3 specification, that topic is covered in "Servlet Filters" on page 470; however, you should be aware that the code in that appendix is very likely to change by the time you read this.

How This Book's Code Was Tested

I tested all of the code in this book with Tomcat 3.2.1. If a code example from this book does not work correctly with Tomcat 3.2.1, such as the example in "Digest Authentication" on page 259, that fact is pointed out in the book's text.

Because Tomcat is the reference implementation for the Servlet and JSP specifications, all of the code in this book should work with any servlet container that conforms to the Servlet 2.2 and JSP 1.1 (or higher) specifications. If an example from this book does not work with your servlet container, it is most likely a bug in that servlet container.

I also tested all of the code in this book against Resin 1.2, which is an excellent servlet container available from As a general rule, it is beneficial to test your code against more than one servlet container to ensure correctness and portability.

This Book's Audience

This book was written for Java developers with a basic understanding of servlets and JSP. For most Java developers, this should be their second book that covers servlets and JSP. If you are new to servlets and JSP, I recommend the following books for your first book on those topics:
  • Core Servlets and JSP by Marty Hall, Sun Microsystems Press
  • Java Servlet Programming by Jason Hunter, O'Reilly
  • Web Development with JavaServer Pages by Fields and Kolb, Manning
It also won't hurt to have a basic understanding of design patterns and the Unified Modeling Language (UML). This book demonstrates how to implement a number of design patterns in JSP-based web applications and uses UML class and sequence diagrams to show how classes are related and how they interact, respectively. See page 181 for a list of resources on design patterns and UML.

This book was not written for page authors. If you are a page author with no Java experience, you will be better served by one of the books listed above.

How This Book Was Written

Designing object-oriented software is very much an iterative process. You start with a few classes and build on them, all the while iterating over classes, both old and new, as you integrate them to build an ever-evolving system. In object-oriented parlance, that process is known as refactoring.

After working for 15 years as a software engineer, I tend to write books the way I write software. Each of this book's chapters started out in humble fashion. And each chapter was subsequently refactored into the final product that you hold in your hands.

You can get a glimpse into this process by looking at a JavaWorld article that I wrote about JSP templates.1 That article is the first cut of this book's Templates chapter, so you can see where the process started for that chapter and where it ended; both the chapter and the code that it discusses underwent much refactoring.

How To Use This Book

This book is not a novel, so I don't expect anyone to sit down and read it cover to cover. Because most readers will read chapters out of order in a random fashion, nearly every chapter in the book can stand on its own. There is one exception to that rule. Chapter 6, which discusses a simple Model 2 framework, depends on Chapter 5, which introduces the Model 2 architecture. Chapter 6 retrofits an example from Chapter 5; therefore, Chapter 5 is a prerequisite for Chapter 6.

The last chapter in this book is a comprehensive case study that employs the techniques discussed throughout this book to implement a nontrivial web application. You can read (or most likely, skim) that chapter first to get a feel for those techniques, or you can read it last to see how to integrate those techniques. Or you can do both.

This Book's Custom Tag Libraries

This book discusses the implementation of approximately 50 JSP custom tags, ranging from internationalization tags to tags that use XML's Document Object Model to parse XML. There are no legal restrictions whatsoever on those tags, so you are free to use those tags in any manner you deem appropriate. See "This Book's Code" on page xvii to see how you can download those tags.

This book's custom tags serve two purposes. First, they illustrate how you can implement your own custom tags. Second, they serve to reinforce the concepts discussed throughout this book. But those custom tags are not the focus of this book; rather, it's the concepts that those tags embody that are important. For example, if you look at the internationalization chapter, you will see that most of that chapter is dedicated to internationalizing text, numbers, dates, and currency in a JSP-based web application. The last few pages of that chapter show how to implement two custom tags that perform internationalization. But it's the internationalization concepts, and not the custom tags, that take center stage in that chapter.

This Book's Code

You can download all of the code from this book, including the book's custom tag libraries, from the following URL:

Conventions Used in This Book

Table P-1 shows the coding conventions used in this book.

Table P-1 Coding Conventions...

Note that, for the most part, methods are referred to without their arguments; however, arguments are included when the discussion warrants them.

Table P-2 shows the typographic conventions used in this book.

Table P-2 Typographic Conventions...

1. See Articles/javaserverpages/jsp_templates.
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted September 10, 2001

    Great Book Hurried

    This is a great book, but hurried. For example, there is a 'paint' parameter to a taglib page that apparently is forgotten in the book. But, buy it! You won't be unhappy. Geary is an imaginative thinker who provides value for the price.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)