Java EE is the technology of choice for e-commerce applications, interactive Web sites, and Web-enabled services. Servlet and JSP technology provides the link between Web clients and server-side applications on this platform. Core Servlets and JavaServer Pages, Volume 2: Advanced Technologies, Second Edition, is the definitive guide to the advanced features and capabilities provided by servlets and JSP.
Volume 2 presents advanced capabilities like custom tag libraries, filters, declarative security, JSTL, and Struts. Like the first volume, it teaches state-of-the-art techniques and best practices illustrated with complete, working, fully documented programs.
Volume 2 explains in detail the advanced tools and techniques needed to build robust, enterprise-class applications. You'll learn how to control application behavior through the web.xml deployment descriptor file, how to enhance application security through both declarative and programmatic methods, and how to use servlet and JSP filters to encapsulate common behavior. You'll also learn how to control major application lifecycle events, best practices for using JSTL, and how to build custom tag libraries. Volume 2 concludes with an in-depth introduction to the Jakarta Struts framework.
Complete source code for all examples is available free for unrestricted use at www.volume2.coreservlets.com. For information on Java training from Marty Hall, go to courses.coreservlets.com.
Volume 1 presents comprehensive coverage of the servlets and JSP specifications, including HTTP headers, cookies, session tracking, JSP scripting elements, file inclusion, the MVC architecture, and the JSP expression language. It also covers HTML forms, JDBC, and best practices for design and implementation.
About the Author
Marty Hall is the president of coreservlets.com, a leading provider of Java training and consulting services. Marty has given courses on Java technologies in seven countries and dozens of U.S. venues, and directs the Java and Web-related concentration areas in the part-time Computer Science graduate program at the Johns Hopkins University. His books include all editions of Core Servlets and JavaServer Pages, More Servlets and JavaServer Pages, and Core Web Programming.
Larry Brown is an IT manager at a U.S. Navy Research and Development Laboratory, and coauthor of Core Web Programming, Second Edition (Prentice Hall, 2001).
Yaakov Chaikin, senior consultant at a software development company based in Columbia, MD, heads the Web Development track at Loyola College's graduate computer science program.
Table of Contents
- Who Should Read This Book
About the Web Site
ABOUT THE AUTHORS
Chapter 1: USING AND DEPLOYING WEB APPLICATIONS
- 1.1 Purpose of Web Applications
1.2 Structure of Web Applications
1.3 Registering Web Applications with the Server
1.4 Development and Deployment Strategies
1.5 The Art of WAR: Bundling Web
1.6 Building a Simple Web Application
1.7 Sharing Data Among Web Applications
- 2.1 Purpose of the Deployment Descriptor
2.2 Defining the Header and the Root Element
2.3 The Elements of web.xml
2.4 Assigning Names and Custom URLs
2.5 Disabling the Invoker Servlet
2.6 Initializing and Preloading Servlets and JSP Pages
2.7 Declaring Filters
2.8 Specifying Welcome Pages
2.9 Designating Pages to Handle Errors
2.10 Providing Security
2.11 Controlling Session Timeouts
2.12 Documenting Web Applications
2.13 Associating Files with MIME Types
2.14 Configuring JSP Pages
2.15 Configuring Character Encoding
2.16 Designating Application Event Listeners
2.17 Developing for the Clustered Environment
2.18 J2EE Elements
- 3.1 Form-Based Authentication
3.2 Example: Form-Based Authentication
3.3 BASIC Authentication
3.4 Example: BASIC Authentication
3.5 Configuring Tomcat to Use SSL
3.6 WebClient: Talking to Web Servers Interactively
3.7 Signing a Server Certificate
- 4.1 Combining Container-Managed and Programmatic Security
4.2 Example: Combining Container-Managed and Programmatic Security
4.3 Handling All Security Programmatically
4.4 Example: Handling All Security Programmatically
4.5 Using Programmatic Security with SSL
4.6 Example: Programmatic Security and SSL
- 5.1 Creating Basic Filters
5.2 Example: A Reporting Filter
5.3 Accessing the Servlet Context from Filters
5.4 Example: A Logging Filter
5.5 Using Filter Initialization Parameters
5.6 Example: An Access Time Filter
5.7 Blocking the Response
5.8 Example: A Prohibited-Site Filter
5.9 Modifying the Response
5.10 Example: A Replacement Filter
5.11 Example: A Compression Filter
5.12 Configuring Filters to Work with RequestDispatcher
5.13 Example: Plugging a Potential Security Hole
5.14 The Complete Filter Deployment Descriptor
- 6.1 Monitoring Creation and Destruction of the Servlet Context
6.2 Example: Initializing Commonly Used Data
6.3 Detecting Changes in Servlet Context Attributes
6.4 Example: Monitoring Changes to Commonly Used Data
6.5 Packaging Listeners with Tag Libraries
6.6 Example: Packaging the Company Name Listeners
6.7 Recognizing Session Creation and Destruction
6.8 Example: A Listener That Counts Sessions
6.9 Watching for Changes in Session Attributes
6.10 Example: Monitoring Yacht Orders
6.11 Identifying Servlet Request Initialization and Destruction
6.12 Example: Calculating Server Request Load
6.13 Watching Servlet Request for Attribute Changes
6.14 Example: Stopping Request Frequency Collection
6.15 Using Multiple Cooperating Listeners
6.16 The Complete Events Deployment Descriptor
- 7.1 Tag Library Components
7.2 Example: Simple Prime Tag
7.3 Assigning Attributes to Tags
7.4 Example: Prime Tag with Variable Length
7.5 Including Tag Body in the Tag Output
7.6 Example: Heading Tag
7.7 Example: Debug Tag
7.8 Creating Tag Files
7.9 Example: Simple Prime Tag Using Tag Files
7.10 Example: Prime Tag with Variable Length Using Tag Files
7.11 Example: Heading Tag Using Tag Files
- 8.1 Manipulating Tag Body
8.2 Example: HTML-Filtering Tag
8.3 Assigning Dynamic Values to Tag Attributes
8.4 Example: Simple Looping Tag
8.5 Assigning Complex Objects as Values to Tag Attributes
8.6 Example: Table Formatting Tag
8.7 Creating Looping Tags
8.8 Example: ForEach Tag
8.9 Creating Expression Language Functions
8.10 Example: Improved Debug Tag
8.11 Handling Nested Custom Tags
8.12 Example: If-Then-Else Tag
- 9.1 Installation of JSTL
9.2 c:out Tag
9.3 c:forEach and c:forTokens Tags
9.4 c:if Tag
9.5 c:choose Tag
9.6 c:set and c:remove Tags
9.7 c:import Tag
9.8 c:url and c:param Tags
9.9 c:redirect Tag
9.10 c:catch Tag
- 10.1 Understanding Struts
10.2 Setting Up Struts
10.3 The Struts Flow of Control and the Six Steps to Implementing It
10.4 Processing Requests with Action Objects
10.5 Handling Request Parameters with Form Beans
10.6 Prepopulating and Redisplaying Input Forms
- 11.1 Using Properties Files
11.2 Internationalizing Applications
11.3 Laying Out Pages with Tiles
11.4 Using Tiles Definitions
- 12.1 Validating in the Action Class
12.2 Validating in the Form Bean
12.3 Using the Automatic Validation Framework
- A.1 Summarizing the Benefits of Ant
A.2 Installing and Setting Up Ant
A.3 Creating an Ant Project
A.4 Reviewing Common Ant Tasks
A.5 Example: Writing a Simple Ant Project
A.6 Using Ant to Build a Web Application
A.7 Example: Building a Web Application
A.8 Using Ant to Create a WAR File
A.9 Example: Creating a Web Application WAR File
Suppose your company wants to sell products online. You have a database that gives the price and inventory status of each item. However, your database doesn't speak HTTP, the protocol that Web browsers use. Nor does it output HTML, the format Web browsers need. What can you do? Once users know what they want to buy, how do you gather that information? You want to customize your site for visitors' preferences and interests, but how? You want to keep track of users' purchases as they shop at your site, but what techniques are required to implement this behavior? When your Web site becomes popular, you might want to compress pages to reduce bandwidth. How can you do this without causing your site to fail for those visitors whose browsers don't support compression? In all these cases, you need a program to act as the intermediary between the browser and some server-side resource. This book is about using the Java platform for this type of program.
"Wait a second," you say. "Didn't you already write a book about that?" Well, yes. In May of 2000, Sun Microsystems Press and Prentice Hall released Marty Hall's second book, Core Servlets and JavaServer Pages. It was successful beyond everyone's wildest expectations, selling approximately 100,000 copies, getting translated into Bulgarian, Chinese simplified script, Chinese traditional script, Czech, French, German, Hebrew, Japanese, Korean, Polish, Russian, and Spanish, and being chosen by Amazon.com as one of the top five computer programming books of 2001. What fun!
Since then, use of servlets and JSP has continued to grow at a phenomenal rate. The Java 2 Platform has become the technology of choice for developing e-commerce applications, dynamic Web sites, and Web-enabled applications and services. Servlets and JSP continue to be the foundation of this platform--they provide the link between Web clients and server-side applications. Virtually all major Web servers for Windows, UNIX (including Linux), Mac OS, VMS, and mainframe operating systems now support servlet and JSP technology either natively or by means of a plug-in. With only a small amount of configuration, you can run servlets and JSP in Microsoft IIS, the Apache Web Server, IBM WebSphere, BEA WebLogic, Oracle Application Server 10g, and dozens of other servers. Performance of both commercial and open-source servlet and JSP engines has improved significantly.
To no one's surprise, this field continues to grow at a rapid rate. As a result, we could no longer cover the technology in a single book. Core Servlets and JavaServer Pages, Volume 1: Core Technologies, covers the servlet and JSP capabilities that you are likely to use in almost every real-life project. This book, Volume 2: Advanced Technologies, covers features that you may use less frequently but are extremely valuable in robust applications. For example,
- Deployment descriptor file. Through the proper use of the deployment descriptor file, web.xml, you can control many aspects of the Web application behavior, from preloading servlets, to restricting resource access, to controlling session time-outs.
- Web application security. In any Web application today, security is a must! The servlet and JSP security model allows you to easily create login pages and control access to resources.
- Custom tag libraries. Custom tags significantly improve the design of JSPs. Custom tags allow you to easily develop your own library of reusable tags specific to your business applications. In addition to creating your own tags, we cover the Standard Tag Library (JSTL).
- Event handling. With the events framework, you can control initialization and shutdown of the Web application, recognize destruction of HTTP sessions, and set application-wide values.
- Servlet and JSP filters. With filters, you can apply many pre- and post-processing actions, for instance, logging incoming requests, blocking access, and modifying the servlet or JSP response.
- Apache Struts. This framework greatly enhances the standard model-view-controller (MVC) architecture available with servlets and JSPs. More importantly, Apache Struts still remains one of the most common frameworks used in industry.
Who Should Read This Book
The main audience is developers who are familiar with basic servlet and JSP technologies, but want to make use of advanced capabilities. As we cover many topics in this book--the deployment descriptor file, security, listeners, custom tags, JSTL, Struts, Ant--you may want to first start with the technologies of most interest, and then later read the remaining material. Most commercial servlet and JSP Web applications take advantage of the technologies presented throughout; thus, at some point you may want to read the complete book.
If you are new to servlets and JSPs, you will want to read Core Servlets and JavaServer Pages, Volume 1: Core Technologies. In addition to teaching you how to install and configure a servlet container, Volume 1 provides excellent coverage of the servlet and JSP specifications. Volume 1 provides the foundation material to this book.
Both books assume that you are familiar with basic Java programming. You don't have to be an expert Java developer, but if you know nothing about the Java programming language, this is not the place to start. After all, servlet and JSP technology is an application of the Java programming language. If you don't know the language, you can't apply it. So, if you know nothing about basic Java development, start with a good introductory book like Thinking in Java, Core Java, or Core Web Programming, all from Prentice Hall.
Throughout the book, concrete programming constructs or program output are presented in a monospaced font. For example, when abstractly discussing server-side programs that use HTTP, we might refer to "HTTP servlets" or just "servlets," but when we say HttpServlet we are talking about a specific Java class.
User input is indicated in boldface, and command-line prompts are either generic (Prompt> ) or indicate the operating system to which they apply (DOS> ). For instance, the following indicates that "Some Output" is the result when "java SomeProgram" is executed on any platform.
Prompt> java SomeProgram
Some Output
URLs, file names, and directory names are presented in a sans serif font. So, for example, we would say "the StringTokenizer class" (monospaced because we're talking about the class name) and "Listing such and such shows SomeFile.java" (sans serif because we're talking about the file name). Paths use forward slashes as in URLs unless they are specific to the Windows operating system. So, for instance, we would use a forward slash when saying "look in install_dir/bin" (OS neutral), but use backslashes when saying "see C:\Windows\Temp" (Windows specific).
Important standard techniques are indicated by specially marked entries, as in the following example.
Pay particular attention to items in Core Approach sections. They indicate techniques that should always or almost always be used.
Core Notes and Core Warnings are called out in a similar manner.
About the Web Site
The book has a companion Web site at http://volume2.coreservlets.com/. This free site includes:
- Documented source code for all examples shown in the book, which can be downloaded for unrestricted use.
- Links to all URLs mentioned in the text of the book.
- Up-to-date download sites for servlet and JSP software.
- Information on book discounts.
- Book additions, updates, and news.