Core Servlets and JavaServer Pages, Volume 2: Advanced Technologies

Core Servlets and JavaServer Pages, Volume 2: Advanced Technologies

NOOK Book(eBook)

$25.99 $43.99 Save 41% Current price is $25.99, Original price is $43.99. You Save 41%.
View All Available Formats & Editions

Available on Compatible NOOK Devices and the free NOOK Apps.
WANT A NOOK?  Explore Now

Product Details

ISBN-13: 9780132715683
Publisher: Pearson Education
Publication date: 12/27/2007
Series: Sun Core Series
Sold by: Barnes & Noble
Format: NOOK Book
Pages: 736
File size: 47 MB
Note: This product may take a few minutes to download.

About the Author

Marty Hall is the president of, a leading provider of Java training and consulting services. Marty has given courses on Java technologies in seven countries and dozens of U.S. venues, and directs the Java and Web-related concentration areas in the part-time Computer Science graduate program at the Johns Hopkins University. His books include all editions of Core Servlets and JavaServer Pages, More Servlets and JavaServer Pages, and Core Web Programming.

Larry Brown is an IT manager at a U.S. Navy Research and Development Laboratory, and coauthor of Core Web Programming, Second Edition (Prentice Hall, 2001).

Yaakov Chaikin, senior consultant at a software development company based in Columbia, MD, heads the Web Development track at Loyola College's graduate computer science program.

Table of Contents


Who Should Read This Book     viiiConventions     xixAbout the Web Site     xx ACKNOWLEDGMENTS     xxiABOUT THE AUTHORS     xxii Chapter 1: USING AND DEPLOYING WEB APPLICATIONS     2
1.1     Purpose of Web Applications 31.2     Structure of Web Applications 51.3     Registering Web Applications with the Server 91.4     Development and Deployment Strategies 141.5     The Art of WAR: Bundling Web1.6     Building a Simple Web Application 181.7     Sharing Data Among Web Applications 25 Chapter 2: CONTROLLING WEB APPLICATION BEHAVIOR WITH WEB.XML     34
2.1     Purpose of the Deployment Descriptor 352.2     Defining the Header and the Root Element 362.3     The Elements of web.xml 372.4     Assigning Names and Custom URLs 422.5     Disabling the Invoker Servlet 522.6     Initializing and Preloading Servlets and JSP Pages 562.7     Declaring Filters 682.8     Specifying Welcome Pages 712.9     Designating Pages to Handle Errors 722.10   Providing Security 782.11   Controlling Session Timeouts 832.12   Documenting Web Applications 842.13   Associating Files with MIME Types 852.14   Configuring JSP Pages 862.15   Configuring Character Encoding 932.16   Designating Application Event Listeners 932.17   Developing for the Clustered Environment 952.18   J2EE Elements 97 Chapter 3: DECLARATIVE SECURITY     104
3.1     Form-Based Authentication 1063.2     Example: Form-Based Authentication 1223.3     BASIC Authentication 1433.4     Example: BASIC Authentication 1473.5     Configuring Tomcat to Use SSL 1563.6     WebClient: Talking to Web Servers Interactively 1643.7     Signing a Server Certificate 167 Chapter 4: PROGRAMMATIC SECURITY     178
4.1     Combining Container-Managed and Programmatic Security 1804.2     Example: Combining Container-Managed and Programmatic Security 1834.3     Handling All Security Programmatically 1884.4     Example: Handling All Security Programmatically 1904.5     Using Programmatic Security with SSL 1954.6     Example: Programmatic Security and SSL 197 Chapter 5: SERVLET AND JSP FILTERS     202
5.1     Creating Basic Filters 2045.2     Example: A Reporting Filter 2105.3     Accessing the Servlet Context from Filters 2175.4     Example: A Logging Filter 2185.5     Using Filter Initialization Parameters 2215.6     Example: An Access Time Filter 2235.7     Blocking the Response 2265.8     Example: A Prohibited-Site Filter 2275.9     Modifying the Response 2345.10   Example: A Replacement Filter 2375.11   Example: A Compression Filter 2455.12   Configuring Filters to Work with RequestDispatcher 2515.13   Example: Plugging a Potential Security Hole 2535.14   The Complete Filter Deployment Descriptor 260 Chapter 6: THE APPLICATION EVENTS FRAMEWORK 266
6.1     Monitoring Creation and Destruction of the Servlet Context 2706.2     Example: Initializing Commonly Used Data 2716.3     Detecting Changes in Servlet Context Attributes 2776.4     Example: Monitoring Changes to Commonly Used Data 2786.5     Packaging Listeners with Tag Libraries 2886.6     Example: Packaging the Company Name Listeners 2906.7     Recognizing Session Creation and Destruction 2976.8     Example: A Listener That Counts Sessions 2986.9     Watching for Changes in Session Attributes 3066.10   Example: Monitoring Yacht Orders 3076.11   Identifying Servlet Request Initialization and Destruction 3146.12   Example: Calculating Server Request Load 3156.13   Watching Servlet Request for Attribute Changes 3226.14   Example: Stopping Request Frequency Collection 3236.15   Using Multiple Cooperating Listeners 3256.16   The Complete Events Deployment Descriptor 339 Chapter 7: TAG LIBRARIES: THE BASICS     346
7.1     Tag Library Components 3487.2     Example: Simple Prime Tag 3537.3     Assigning Attributes to Tags 3577.4     Example: Prime Tag with Variable Length 3597.5     Including Tag Body in the Tag Output 3627.6     Example: Heading Tag 3647.7     Example: Debug Tag 3687.8     Creating Tag Files 3717.9     Example: Simple Prime Tag Using Tag Files 3727.10   Example: Prime Tag with Variable Length Using Tag Files 3747.11   Example: Heading Tag Using Tag Files 376 Chapter 8: TAG LIBRARIES: ADVANCED FEATURES     378
8.1     Manipulating Tag Body 3808.2     Example: HTML-Filtering Tag 3818.3     Assigning Dynamic Values to Tag Attributes 3858.4     Example: Simple Looping Tag 3878.5     Assigning Complex Objects as Values to Tag Attributes 3918.6     Example: Table Formatting Tag 3938.7     Creating Looping Tags 3988.8     Example: ForEach Tag 3998.9     Creating Expression Language Functions 4048.10   Example: Improved Debug Tag 4078.11   Handling Nested Custom Tags 4108.12   Example: If-Then-Else Tag 412 Chapter 9: JSP STANDARD TAG LIBRARY (JSTL)     418
9.1     Installation of JSTL 4209.2     c:out Tag 4219.3     c:forEach and c:forTokens Tags 4229.4     c:if Tag 4249.5     c:choose Tag 4259.6     c:set and c:remove Tags 4279.7     c:import Tag 4309.8     c:url and c:param Tags 4339.9     c:redirect Tag 4359.10   c:catch Tag 437 Chapter 10: THE STRUTS FRAMEWORK: BASICS     440
10.1     Understanding Struts 44110.2     Setting Up Struts 44610.3     The Struts Flow of Control and the Six Steps to Implementing It 45010.4     Processing Requests with Action Objects 45810.5     Handling Request Parameters with Form Beans 48110.6     Prepopulating and Redisplaying Input Forms 504 Chapter 11: THE STRUTS FRAMEWORK: DOING MORE     538
11.1     Using Properties Files 53911.2     Internationalizing Applications 55411.3     Laying Out Pages with Tiles 55811.4     Using Tiles Definitions 582 Chapter 12: THE STRUTS FRAMEWORK: VALIDATING USER INPUT     592
12.1     Validating in the Action Class 59412.2     Validating in the Form Bean 60712.3     Using the Automatic Validation Framework 624 APPENDIX: DEVELOPING APPLICATIONS WITH APACHE ANT     644
A.1     Summarizing the Benefits of Ant 646A.2     Installing and Setting Up Ant 646A.3     Creating an Ant Project 648A.4     Reviewing Common Ant Tasks 652A.5     Example: Writing a Simple Ant Project 661A.6     Using Ant to Build a Web Application 668A.7     Example: Building a Web Application 670A.8     Using Ant to Create a WAR File 675A.9     Example: Creating a Web Application WAR File 679 INDEX     683


Suppose your company wants to sell products online. You have a database that gives the price and inventory status of each item. However, your database doesn't speak HTTP, the protocol that Web browsers use. Nor does it output HTML, the format Web browsers need. What can you do? Once users know what they want to buy, how do you gather that information? You want to customize your site for visitors' preferences and interests, but how? You want to keep track of user's purchases as they shop at your site, but what techniques are required to implement this behavior? When your Web site becomes popular, you might want to compress pages to reduce bandwidth. How can you do this without causing your site to fail for those visitors whose browsers don't support compression? In all these cases, you need a program to act as the intermediary between the browser and some server-side resource. This book is about using the Java platform for this type of program.

"Wait a second," you say. "Didn't you already write a book about that?" Well, yes. In May of 2000, Sun Microsystems Press and Prentice Hall released Marty Hall's second book, Core Servlets and JavaServer Pages. It was successful beyond everyone's wildest expectations, selling approximately 100,000 copies, getting translated into Bulgarian, Chinese simplified script, Chinese traditional script, Czech, French, German, Hebrew, Japanese, Korean, Polish, Russian, and Spanish, and being chosen by as one of the top five computer programming books of 2001. What fun!

Since then, use of servlets and JSP has continued to grow at a phenomenal rate. The Java 2 Platform has become the technology of choice for developing e-commerce applications, dynamic Web sites, and Web-enabled applications and service. Servlets and JSP continue to be the foundation of this platform--they provide the link between Web clients and server-side applications. Virtually all major Web servers for Windows, UNIX (including Linux), Mac OS, VMS, and mainframe operating systems now support servlet and JSP technology either natively or by means of a plug-in. With only a small amount of configuration, you can run servlets and JSP in Microsoft IIS, the Apache Web Server, IBM WebSphere, BEA WebLogic, Oracle Application Server 10g, and dozens of other servers. Performance of both commercial and open-source servlet and JSP engines has improved significantly.

To no one's surprise, this field continues to grow at a rapid rate. As a result, we could no longer cover the technology in a single book. Core Servlets and JavaServer Pages, Volume 1: Core Technologies, covers the servlet and JSP capabilities that you are likely to use in almost every real-life project. This book, Volume 2: Advanced Technologies, covers features that you may use less frequently but are extremely valuable in robust applications. For example,

  • Deployment descriptor file. Through the proper use of the deployment descriptor file, web.xml, you can control many aspects of the Web application behavior, from preloading servlets, to restricting resource access, to controlling session time-outs.
  • Web application security. In any Web application today, security is a must! The servlet and JSP security model allows you to easily create login pages and control access to resources.
  • Custom tag libraries. Custom tags significantly improve the design of JSPs. Custom tags allow you to easily develop your own library of reusable tags specific to your business applications. In addition to creating your own tags, we cover the Standard Tag Library (JSTL).
  • Event handling. With the events framework, you can control initialization and shutdown of the Web application, recognize destruction of HTTP sessions, and set application-wide values.
  • Servlet and JSP filters. With filters, you can apply many pre- and post-processing actions. For instance, logging incoming requests, blocking access, and modifying the servlet or JSP response.
  • Apache Struts. This framework greatly enhances the standard model-view-controller (MVC) architecture available with servlets and JSPs. More importantly, Apache Struts still remains one of the most common frameworks used in industry.

Who Should Read This Book

The main audience is developers who are familiar with basic servlet and JSP technologies, but want to make use of advanced capabilities. As we cover many topics in this book--the deployment descriptor file, security, listeners, custom tags, JSTL, Struts, Ant--you may want to first start with the technologies of most interest, and then later read the remaining material. Most commercial servlet and JSP Web applications take advantage of the technologies presented throughout, thus, at some point you may want to read the complete book.

If you are new to servlets and JSPs, you will want to read Core Servlets and Java-Server Pages, Volume 1: Core Technologies. In addition to teaching you how to install and configure a servlet container, Volume 1 provides excellent coverage of the servlet and JSP specifications. Volume 1 provides the foundation material to this book.

Both books assume that you are familiar with basic Java programming. You don't have to be an expert Java developer, but if you know nothing about the Java programming language, this is not the place to start. After all, servlet and JSP technology is an application of the Java programming language. If you don't know the language, you can't apply it. So, if you know nothing about basic Java development, start with a good introductory book like Thinking in Java, Core Java, or Core Web Programming, all from Prentice Hall.


Throughout the book, concrete programming constructs or program output are presented in a monospaced font. For example, when abstractly discussing server-side programs that use HTTP, we might refer to "HTTP servlets" or just "servlets," but when we say <code>HttpServlet</code> we are talking about a specific Java class.

User input is indicated in boldface, and command-line prompts are either generic (<code>Prompt> </code>) or indicate the operating system to which they apply (<code>DOS> </code>). For instance, the following indicates that "<code>Some Output</code>" is the result when "<code>java SomeProgram</code>" is executed on any platform.

<code>Prompt> java SomeProgram
Some Output</code>

URLs, file names, and directory names are presented in a sans serif font. So, for example, we would say "the <code>StringTokenizer</code> class" (monospaced because we're talking about the class name) and "Listing such and such shows <font face=Helvetica></font>" (sansserif because we're talking about the file name). Paths use forward slashes as in URLs unless they are specific to the Windows operating system. So, for instance, we would use a forward slash when saying "look in install_dir/bin" (OS neutral), but use backslashes when saying "<font face=Helvetica>see C:\Windows\Temp</font>" (Windows specific).

Important standard techniques are indicated by specially marked entries, as in the following example.

Core Approach
Pay particular attention to items in Core Approach sections. They indicate techniques that should always or almost always be used.

Core Notes and Core Warnings are called out in a similar manner.

About the Web Site

The book has a companion Web site at This free site includes:

  • Documented source code for all examples shown in the book, which can be downloaded for unrestricted use.
  • Links to all URLs mentioned in the text of the book.
  • Up-to-date download sites for servlet and JSP software.
  • Information on book discounts.
  • Book additions, updates, and news.

Customer Reviews

Most Helpful Customer Reviews

See All Customer Reviews