Gift Guide

Core Servlets and JavaServer Pages, Volume 2 : Advanced Technologies, Second Edition / Edition 2

Paperback (Print)
Buy Used
Buy Used from
(Save 41%)
Item is in good condition but packaging may have signs of shelf wear/aging or torn packaging.
Condition: Used – Good details
Used and New from Other Sellers
Used and New from Other Sellers
from $2.49
Usually ships in 1-2 business days
(Save 95%)
Other sellers (Paperback)
  • All (13) from $2.49   
  • New (5) from $10.00   
  • Used (8) from $2.49   


Java EE is the technology of choice for e-commerce applications, interactive Web sites, and Web-enabled services. Servlet and JSP technology provides the link between Web clients and server-side applications on this platform. Core Servlets and JavaServer Pages, Volume 2: Advanced Technologies, Second Edition, is the definitive guide to the advanced features and capabilities provided by servlets and JSP.

Volume 2 presents advanced capabilities like custom tag libraries, filters, declarative security, JSTL, and Struts. Like the first volume, it teaches state-of-the-art techniques and best practices illustrated with complete, working, fully documented programs.

Volume 2 explains in detail the advanced tools and techniques needed to build robust, enterprise-class applications. You'll learn how to control application behavior through the web.

Complete source code for all examples is available free for unrestricted use at For information on Java training from Marty Hall, go to

Volume 1 presents comprehensive coverage of the servlets and JSP specifications, including HTTP headers, cookies, session tracking, JSP scripting elements, file inclusion, the MVC architecture, and the JSP expression language. It also covers HTML forms, JDBC, and best practices for design and implementation.

Read More Show Less

Product Details

  • ISBN-13: 9780131482609
  • Publisher: Prentice Hall
  • Publication date: 1/10/2008
  • Series: Sun Core Series
  • Edition description: New Edition
  • Edition number: 2
  • Pages: 712
  • Product dimensions: 7.00 (w) x 9.22 (h) x 1.03 (d)

Meet the Author

Marty Hall is the president of, a leading provider of Java training and consulting services. Marty has given courses on Java technologies in seven countries and dozens of U.S. venues, and directs the Java and Web-related concentration areas in the part-time Computer Science graduate program at the Johns Hopkins University. His books include all editions of Core Servlets and JavaServer Pages, More Servlets and JavaServer Pages, and Core Web Programming.

Larry Brown is an IT manager at a U.S. Navy Research and Development Laboratory, and coauthor of Core Web Programming, Second Edition (Prentice Hall, 2001).

Yaakov Chaikin, senior consultant at a software development company based in Columbia, MD, heads the Web Development track at Loyola College's graduate computer science program.

Read More Show Less

Read an Excerpt

Suppose your company wants to sell products online. You have a database that gives the price and inventory status of each item. However, your database doesn't speak HTTP, the protocol that Web browsers use. Nor does it output HTML, the format Web browsers need. What can you do? Once users know what they want to buy, how do you gather that information? You want to customize your site for visitors' preferences and interests, but how? You want to keep track of user's purchases as they shop at your site, but what techniques are required to implement this behavior? When your Web site becomes popular, you might want to compress pages to reduce bandwidth. How can you do this without causing your site to fail for those visitors whose browsers don't support compression? In all these cases, you need a program to act as the intermediary between the browser and some server-side resource. This book is about using the Java platform for this type of program.

"Wait a second," you say. "Didn't you already write a book about that?" Well, yes. In May of 2000, Sun Microsystems Press and Prentice Hall released Marty Hall's second book, Core Servlets and JavaServer Pages. It was successful beyond everyone's wildest expectations, selling approximately 100,000 copies, getting translated into Bulgarian, Chinese simplified script, Chinese traditional script, Czech, French, German, Hebrew, Japanese, Korean, Polish, Russian, and Spanish, and being chosen by as one of the top five computer programming books of 2001. What fun!

Since then, use of servlets and JSP has continued to grow at a phenomenal rate. The Java 2 Platform has become the technology of choice for developinge-commerce applications, dynamic Web sites, and Web-enabled applications and service. Servlets and JSP continue to be the foundation of this platform—they provide the link between Web clients and server-side applications. Virtually all major Web servers for Windows, UNIX (including Linux), Mac OS, VMS, and mainframe operating systems now support servlet and JSP technology either natively or by means of a plug-in. With only a small amount of configuration, you can run servlets and JSP in Microsoft IIS, the Apache Web Server, IBM WebSphere, BEA WebLogic, Oracle Application Server 10g, and dozens of other servers. Performance of both commercial and open-source servlet and JSP engines has improved significantly.

To no one's surprise, this field continues to grow at a rapid rate. As a result, we could no longer cover the technology in a single book. Core Servlets and JavaServer Pages, Volume 1: Core Technologies, covers the servlet and JSP capabilities that you are likely to use in almost every real-life project. This book, Volume 2: Advanced Technologies, covers features that you may use less frequently but are extremely valuable in robust applications. For example,

  • Deployment descriptor file. Through the proper use of the deployment descriptor file, web.
  • Web application security. In any Web application today, security is a must! The servlet and JSP security model allows you to easily create login pages and control access to resources.
  • Custom tag libraries. Custom tags significantly improve the design of JSPs. Custom tags allow you to easily develop your own library of reusable tags specific to your business applications. In addition to creating your own tags, we cover the Standard Tag Library (JSTL).
  • Event handling. With the events framework, you can control initialization and shutdown of the Web application, recognize destruction of HTTP sessions, and set application-wide values.
  • Servlet and JSP filters. With filters, you can apply many pre- and post-processing actions. For instance, logging incoming requests, blocking access, and modifying the servlet or JSP response.
  • Apache Struts. This framework greatly enhances the standard model-view-controller (MVC) architecture available with servlets and JSPs. More importantly, Apache Struts still remains one of the most common frameworks used in industry.
Who Should Read This Book

The main audience is developers who are familiar with basic servlet and JSP technologies, but want to make use of advanced capabilities. As we cover many topics in this book—the deployment descriptor file, security, listeners, custom tags, JSTL, Struts, Ant—you may want to first start with the technologies of most interest, and then later read the remaining material. Most commercial servlet and JSP Web applications take advantage of the technologies presented throughout, thus, at some point you may want to read the complete book.

If you are new to servlets and JSPs, you will want to read Core Servlets and Java-Server Pages, Volume 1: Core Technologies. In addition to teaching you how to install and configure a servlet container, Volume 1 provides excellent coverage of the servlet and JSP specifications. Volume 1 provides the foundation material to this book.

Both books assume that you are familiar with basic Java programming. You don't have to be an expert Java developer, but if you know nothing about the Java programming language, this is not the place to start. After all, servlet and JSP technology is an application of the Java programming language. If you don't know the language, you can't apply it. So, if you know nothing about basic Java development, start with a good introductory book like Thinking in Java, Core Java, or Core Web Programming, all from Prentice Hall.Conventions

Throughout the book, concrete programming constructs or program output are presented in a monospaced font. For example, when abstractly discussing server-side programs that use HTTP, we might refer to "HTTP servlets" or just "servlets," but when we say HttpServlet we are talking about a specific Java class.

User input is indicated in boldface, and command-line prompts are either generic (Prompt>) or indicate the operating system to which they apply (DOS>). For instance, the following indicates that "Some Output" is the result when "java SomeProgram" is executed on any platform. Prompt> java SomeProgram
Some Output

URLs, file names, and directory names are presented in a sans serif font. So, for example, we would say "the StringTokenizer class" (monospaced because we're talking about the class name) and "Listing such and such shows" (sansserif because we're talking about the file name). Paths use forward slashes as in URLs unless they are specific to the Windows operating system. So, for instance, we would use a forward slash when saying "look in install_dir/bin" (OS neutral), but use backslashes when saying "

see C:\Windows\Temp" (Windows specific).

Important standard techniques are indicated by specially marked entries, as in the following example.

Core Approach
Pay particular attention to items in Core Approach sections. They indicate techniques that should always or almost always be used.

Core Notes and Core Warnings are called out in a similar manner.

About the Web Site

The book has a companion Web site at This free site includes:

  • Documented source code for all examples shown in the book, which can be downloaded for unrestricted use.
  • Links to all URLs mentioned in the text of the book.
  • Up-to-date download sites for servlet and JSP software.
  • Information on book discounts.
  • Book additions, updates, and news.
Read More Show Less

Table of Contents


Who Should Read This Book   viii
Conventions   xix
About the Web Site   xx
1.1   Purpose of Web Applications 3
1.2   Structure of Web Applications 5
1.3   Registering Web Applications with the Server 9
1.4   Development and Deployment Strategies 14
1.5   The Art of WAR: Bundling Web
1.6   Building a Simple Web Application 18
1.7   Sharing Data Among Web Applications 25
2.1   Purpose of the Deployment Descriptor 35
2.2   Defining the Header and the Root Element 36
2.3   The Elements of web.

2.4   Assigning Names and Custom URLs 42
2.5   Disabling the Invoker Servlet 52
2.6   Initializing and Preloading Servlets and JSP Pages 56
2.7   Declaring Filters 68
2.8   Specifying Welcome Pages 71
2.9   Designating Pages to Handle Errors 72
2.10 Providing Security 78
2.11 Controlling Session Timeouts 83
2.12 Documenting Web Applications 84
2.13 Associating Files with MIME Types 85
2.14 Configuring JSP Pages 86
2.15 Configuring Character Encoding 93
2.16 Designating Application Event Listeners 93
2.17 Developing for the Clustered Environment 95
2.18 J2EE Elements 97

3.1   Form-BasedAuthentication 106
3.2   Example: Form-Based Authentication 122
3.3   BASIC Authentication 143
3.4   Example: BASIC Authentication 147
3.5   Configuring Tomcat to Use SSL 156
3.6   WebClient: Talking to Web Servers Interactively 164
3.7   Signing a Server Certificate 167
4.1   Combining Container-Managed and Programmatic Security 180
4.2   Example: Combining Container-Managed and Programmatic Security 183
4.3   Handling All Security Programmatically 188
4.4   Example: Handling All Security Programmatically 190
4.5   Using Programmatic Security with SSL 195
4.6   Example: Programmatic Security and SSL 197
5.1   Creating Basic Filters 204
5.2   Example: A Reporting Filter 210
5.3   Accessing the Servlet Context from Filters 217
5.4   Example: A Logging Filter 218
5.5   Using Filter Initialization Parameters 221
5.6   Example: An Access Time Filter 223
5.7   Blocking the Response 226
5.8   Example: A Prohibited-Site Filter 227
5.9   Modifying the Response 234
5.10 Example: A Replacement Filter 237
5.11 Example: A Compression Filter 245
5.12 Configuring Filters to Work with RequestDispatcher 251
5.13 Example: Plugging a Potential Security Hole 253
5.14 The Complete Filter Deployment Descriptor 260
6.1   Monitoring Creation and Destruction of the Servlet Context 270
6.2   Example: Initializing Commonly Used Data 271
6.3   Detecting Changes in Servlet Context Attributes 277
6.4   Example: Monitoring Changes to Commonly Used Data 278
6.5   Packaging Listeners with Tag Libraries 288
6.6   Example: Packaging the Company Name Listeners 290
6.7   Recognizing Session Creation and Destruction 297
6.8   Example: A Listener That Counts Sessions 298
6.9   Watching for Changes in Session Attributes 306
6.10 Example: Monitoring Yacht Orders 307
6.11 Identifying Servlet Request Initialization and Destruction 314
6.12 Example: Calculating Server Request Load 315
6.13 Watching Servlet Request for Attribute Changes 322
6.14 Example: Stopping Request Frequency Collection 323
6.15 Using Multiple Cooperating Listeners 325
6.16 The Complete Events Deployment Descriptor 339
7.1   Tag Library Components 348
7.2   Example: Simple Prime Tag 353
7.3   Assigning Attributes to Tags 357
7.4   Example: Prime Tag with Variable Length 359
7.5   Including Tag Body in the Tag Output 362
7.6   Example: Heading Tag 364
7.7   Example: Debug Tag 368
7.8   Creating Tag Files 371
7.9   Example: Simple Prime Tag Using Tag Files 372
7.10 Example: Prime Tag with Variable Length Using Tag Files 374
7.11 Example: Heading Tag Using Tag Files 376
8.1   Manipulating Tag Body 380
8.2   Example: HTML-Filtering Tag 381
8.3   Assigning Dynamic Values to Tag Attributes 385
8.4   Example: Simple Looping Tag 387
8.5   Assigning Complex Objects as Values to Tag Attributes 391
8.6   Example: Table Formatting Tag 393
8.7   Creating Looping Tags 398
8.8   Example: ForEach Tag 399
8.9   Creating Expression Language Functions 404
8.10 Example: Improved Debug Tag 407
8.11 Handling Nested Custom Tags 410
8.12 Example: If-Then-Else Tag 412
9.1   Installation of JSTL 420
9.2   c:out Tag 421
9.3   c:forEach and c:forTokens Tags 422
9.4   c:if Tag 424
9.5   c:choose Tag 425
9.6   c:set and c:remove Tags 427
9.7   c:import Tag 430
9.8   c:url and c:param Tags 433
9.9   c:redirect Tag 435
9.10 c:catch Tag 437
10.1   Understanding Struts 441
10.2   Setting Up Struts 446
10.3   The Struts Flow of Control and the Six Steps to Implementing It 450
10.4   Processing Requests with Action Objects 458
10.5   Handling Request Parameters with Form Beans 481
10.6   Prepopulating and Redisplaying Input Forms 504
11.1   Using Properties Files 539
11.2   Internationalizing Applications 554
11.3   Laying Out Pages with Tiles 558
11.4   Using Tiles Definitions 582
12.1   Validating in the Action Class 594
12.2   Validating in the Form Bean 607
12.3   Using the Automatic Validation Framework 624
A.1   Summarizing the Benefits of Ant 646
A.2   Installing and Setting Up Ant 646
A.3   Creating an Ant Project 648
A.4   Reviewing Common Ant Tasks 652
A.5   Example: Writing a Simple Ant Project 661
A.6   Using Ant to Build a Web Application 668
A.7   Example: Building a Web Application 670
A.8   Using Ant to Create a WAR File 675
A.9   Example: Creating a Web Application WAR File 679
INDEX   683
Read More Show Less




In early 1996, I started using the Java programming language for the majority of my software development work. I did some CGI programming and even worked a little with the early servlet versions, but for the most part I did desktop and client-side applications. Over the last couple of years, however, there has been a growing emphasis on server-side applications, so I became more serious about servlets and JavaServer Pages. In the past year, there has been a virtual stampede toward the technology among developers, server vendors, and the authors of the Java platform specifications. So much so, in fact, that the technology is rapidly becoming the standard tool for building dynamic Web sites and connecting Web front ends to databases and applications on a server.

Unfortunately, however, it was extremely difficult to find good practical advice on servlet and JSP development. I found a number of servlet books, but only a handful of them covered recent versions of the specification, advanced techniques, or reflected real-world experience. The few that did, if they covered JSP at all, hadn't caught up to JSP 1.0, let alone JSP 1.1. Since JSP is a better fit than servlets for many situations, what good was a servlet book that didn't also cover JSP? In the last couple of months, some JSP books have started coming out. But the bulk of them don't cover servlets. What good is that? Since an integral part of JavaServer Pages is the use of scripting elements to create servlet code, you can't do effective JSP development without a thorough understanding of servlets. Besides, most real-world sites don't use just one of the two technologies; theycombinethem both. Finally, as I discovered when I started teaching servlet and JSP development to my students in the Johns Hopkins part-time graduate program (most of whom were professional software developers), few programmers were already comfortable with HTTP 1.1, HTML forms, and JDBC, three critical supporting technologies. Telling them to get a separate book for each of these areas was hardly reasonable: that brought to five the number of books programmers needed if they were going to do serious servlet/JSP development.

So, in mid-1999, I put together a short servlet and JSP tutorial with a few dozen examples, put it on the Web, and tried out the material in a couple of my courses. The response was overwhelming. After only a few months, I was getting several thousand visitors a day to the tutorial along with a myriad of requests to expand the coverage of the material. I eventually bowed to the inevitable and started writing. This book is the result. I hope you find it useful.

Real Code for Real Programmers

This book is aimed at serious software developers. This is not a book that touts the potential of e-commerce or pontificates about how Web-enabled applications will revolutionize your business. Instead, it is a hands-on book aimed at helping programmers who are already convinced of the need for dynamic Web sites get started building them right away. In showing how to build these sites, I try to illustrate the most important approaches and warn you of the most common pitfalls. Along the way, I include plenty of working code: more than a hundred documented Java classes, for instance. I try to give detailed examples of the most important and frequently used features, summarize the lesser-used ones, and refer you to the APIs (available on-line) for a few of the rarely used ones.

Nor is this a book that skims dozens of technologies at a high level. Although I don't claim that this is a definitive reference on every technology it touches on (e.g., there are a number of books this size just on JDBC), if the book covers a topic, it does so in enough detail for you to sit down and start writing real programs. The one exception to this rule is the Java programming language itself. Although I don't assume any familiarity with server-side programming, I do expect you to be familiar with the basics of Java language development. If you're not, you will need to pick up a good tutorial like Core Java, Core Web Programming, or Thinking in Java.

A word of caution, however. Nobody becomes a great developer just by reading. You have to write some real code, too. The more, the better. In each chapter, I suggest that you start by making a simple program or a small variation of one of the examples given, then strike off on your own with a more significant project. Skim the sections you don't plan on using right away, then come back when you are ready to try them out.

If you do this, you should quickly develop the confidence to handle the real-world problems that brought you here in the first place. You should be able to decide where servlets apply well, where JSP is better, and where a combination is best. You should not only know how to generate HTML content, but you should also understand building other media types like GIF images or Excel spreadsheets. You should understand HTTP 1.1 well enough to use its capabilities to enhance the effectiveness of your pages. You should have no qualms about developing Web interfaces to your corporate databases, using either HTML forms or applets as front ends. You should be able to spin off complex behaviors into JavaBeans components or custom JSP tag libraries, then decide when to use these components directly and when to start requests with servlets that set things up for separate presentation pages. You should have fun along the way. You should get a raise.

How This Book Is Organized

This book is divided into three parts: Servlets, JavaServer Pages, and Supporting Technologies.

Part I: Servlets

Part I covers servlet development with the 2.1 and 2.2 specifications. Although version 2.2 (along with JSP 1.1) is mandated by the Java 2 Platform, Enterprise Edition (J2EE), many commercial products are still at the earlier releases, so it is important to understand the differences. Also, although servlet code is portable across a huge variety of servers and operating systems, server setup and configuration details are not standardized. So, I include specific details for Apache Tomcat, Sun's JavaServer Web Development Kit (JSWDK), and the Java Web Server. Servlet topics include:

  • When and why you would use servlets
  • Obtaining and configuring the servlet and JSP software
  • The basic structure of servlets
  • The process of compiling, installing, and invoking servlets
  • Generating HTML from servlets
  • The servlet life cycle
  • Page modification dates and browser caches
  • Servlet debugging strategies
  • Reading form data from servlets
  • Handling both GET and POST requests with a single servlet
  • An on-line resume posting service
  • Reading HTTP request headers from servlets
  • The purpose of each of the HTTP 1.1 request headers
  • Reducing download times by compressing pages
  • Restricting access with password-protected servlets
  • The servlet equivalent of each standard CGI variable
  • Using HTTP status codes
  • The meaning of each of the HTTP 1.1 status code values
  • A search engine front end
  • Setting response headers from servlets
  • The purpose of each of the HTTP 1.1 response headers
  • Common MIME types
  • A servlet that uses the Refresh header to repeatedly access ongoing computations
  • Servlets that exploit persistent (keep-alive) HTTP connections
  • Generating GIF images from servlets
  • Cookie purposes and problems
  • The Cookie API
  • Some utilities that simplify cookie handling
  • A customized search engine front end
  • The purposes of session tracking
  • The servlet session tracking API
  • Using sessions to show per-client access counts
  • An on-line store that uses session tracking, shopping carts, and pages automatically built from catalog entries

Part II: JavaServer Pages

JSP provides a convenient alternative to servlets for pages that mostly consist of fixed content. Part II covers the use of JavaServer Pages version 1.0 and 1.1. JSP topics include:

  • When and why you would use JavaServer Pages
  • How JSP pages are invoked
  • Using JSP expressions, scriptlets, and declarations
  • Predefined variables that can be used within expressions and scriptlets
  • The page directive
  • Designating which classes are imported
  • Specifying the MIME type of the page
  • Generating Excel spreadsheets
  • Controlling threading behavior
  • Participating in sessions
  • Setting the size and behavior of the output buffer
  • Designating pages to process JSP errors
  • XML-compatible syntax for directives
  • Including JSP files at the time the main page is translated into a servlet
  • Including HTML or plain text files at the time the client requests the page
  • Including applets that use the Java Plug-In
  • Using JavaBeans with JSP
  • Creating and accessing beans
  • Setting bean properties explicitly
  • Associating bean properties with input parameters
  • Automatic conversion of bean property types
  • Sharing beans among multiple JSP pages and servlets
  • Creating JSP tag libraries
  • Tag handler classes
  • Tag library descriptor files
  • The JSP taglib directive
  • Simple tags
  • Tags that use attributes
  • Tags that use the body content between their start and end tags
  • Tags that modify their body content
  • Looping tags
  • Nested tags
  • Integrating servlets and JSP
  • Forwarding requests from servlets to static and dynamic resources
  • Using servlets to set up beans for use by JSP pages
  • An on-line travel agency combining servlets and JSP
  • Including JSP output in servlets
  • Forwarding requests from JSP pages

Part III: Supporting Technologies

Part III covers three topics that are commonly used in conjunction with servlets and JSP: HTML forms, applets talking to servlets, and JDBC. Topics include:

  • Sending data from forms
  • Text controls
  • Push buttons
  • Check boxes and radio buttons
  • Combo boxes and list boxes
  • File upload controls
  • Server-side image maps
  • Hidden fields
  • Grouping controls
  • Tab ordering
  • A Web server for debugging forms
  • Sending GET data from an applet and having the browser display the results
  • Having applets send GET data and process the results themselves (HTTP tunneling)
  • Using object serialization to exchange high-level data structures between applets and servlets
  • Having applets send POST data and process the results themselves
  • Applets bypassing the HTTP server altogether

About the Web Site

The book has a companion Web site at ...

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)