SCWCD CX310-081 Short Notes: Exam passing tips

SCWCD CX310-081 Short Notes: Exam passing tips

Rating:

The Servlet Technology Model

• HTTP 1.1 has 8 request methods that are GET, POST, PUT, HEAD, TRACE, OPTIONS, CONNECT, and DELETE.


• The POST method is not idempotent.


• The GET method is faster than the POST method. It is called when either the method name is specified as GET or not specified at all in the request. The amount of data transfer is limited by the server.


• The HEAD method is used to request header information. It is an idempotent method. It should not be used to modify the information on the server.


• The GET method is called if the method name is not specified, or the method specified is GET. Also, it is called using a form with no method definition and by adding url to the form.


• Servlet uses the doPost() method to handle form data from a client.


• The doPost() method allows a client to send data of unlimited length.


• The getParameterValues() method of the ServletRequest interface returns all the values of the given request parameter as an array of String objects.


• The getParameter() method of the ServletRequest interface returns the value of the request parameter as a String.


• The getParameterMap() method of the ServletRequest interface returns a java.util.Map that contains parameter names as keys, as well as parameter values as map values.


• The getIntHeader() method of the HttpServletRequest interface returns the value of the specified request header as an integer.


• A cookie is created by the server on request from a client. It is stored on a client computer.


• A request dispatcher object can be obtained from a ServletRequest or a ServletContext interface.


• The getRemotePort() method returns an integer value that represents the client's Internet Protocol (IP) port number.


• The getDateHeader() method of the HttpServletRequest interface returns the number of milliseconds of the specified header since January 1, 1970 GMT.


• The getRequestURL() method of the HttpServletRequest interface returns the URL associated with the request as a String.


• The getCookies() method of the HttpServletRequest interface returns an array of cookie objects that a client sends with a request. However, if no cookies are sent, this method returns a null value.


• The getWriter() method of the ServletResponse interface returns a PrintWriter object suitable for writing character data in the response.


• The setValue() method of the Cookie class is used to assign a new value to a cookie after the cookie is created.


• The getOutputStream() method returns a ServletOutputStream suitable for writing binary data in the response.


• Either the Response.setContentType(String name, String value)or the HttpServletResponse.setHeader(String name, String value) is used to set the Content type.


• The getWriter() method of the ServletResponse interface returns a PrintWriter object suitable for writing character data in the response.


• The sendError() method of the HttpResponse interface sends an error response to the client using the specified status code and message.


• A servlet has three life cycle methods. They are init(), service(), and destroy().


• A servlet has no main() method. The container is responsible for managing the life-cycle of a servlet.
  Before calling the init() method, a servlet class must be loaded and instantiated.


• For each request, the Container creates a separate thread.


• The init() and destroy() methods are called only once in the life of a servlet.


• A servlet cannot service a request if its init() method does not return within the time period defined by the servlet container. Also, it cannot service a request if its init() method throws the ServletException.

The Structure and Deployment of Web Applications

• The WEB-INF directory contains files that should not be publically available. This includes, among others, the web.xml file, the servlet class files, and the lib/JAR files.


• A tag file must be placed inside the META-INF/tags directory or its subdirectory within a JAR file installed in the WEB-INF/lib directory of the Web application or inside the WEB-INF/tags directory(or its subdirectory).


• The <init-param> sub-element is present in two elements, namely <servlet> and <context-param>.


• The <load-on-startup> element of a deployment descriptor is used to load a servlet file when the server starts instead of waiting for the first request. It is also used to specify the order in which the files are to be loaded.


• The <mime-mapping> element of the deployment descriptor is used to configure a mapping between a mime type and an extension. It has two sub-elements, namely <extension> and <mime-type>.


• The <error-page> element defines a mapping between an error code/exception type and the location of the resource to display in response to the error.


• A deployment descriptor is an XML document that defines a component's deployment settings.


• The setContentType() method of the ServletResponse interface sets the content type of the response.
• The content type is also referred to as the MIME type.


• A welcome file is returned when a user enters a partial link in a URL, i.e., the name of a directory, but with no file inside it. If there are more than one welcome file, they are all entered within a single element.


• A deployment descriptor is an xml file known as web.xml located in the WEB-INF directory. It provides configuration and deployment information for the Web components that comprise a Web application.


• The <auth-constraint> element is a sub-element of the <security-constraint> element. It defines the user roles that are allowed to access the Web resources specified by the <web-resource-collection> sub-elements.


• The contents stored in the WEB-INF and META-INF directories of a WAR file are not available for direct access by a user.

The Web Container Model

• The <init-param> parameter of the deployment descriptor is used to declare initialization parameters such as configuration data, database connections and perform other one-time activities.


• The servlet init parameters are read only once, when the container initializes the servlet.


• ServletContext initialization parameters should be used for the data that is applicable to complete Web application. The ServletContext.getInitParameter() method is used to access the ServletContext initialization parameters.


• A servlet context object contains the information about the Web application of which the servlet is a part. It also provides access to the resources common to all the servlets in the application. Each Web application in a container has a single servlet context associated with it.


• The <context-param> element of the deployment descriptor declares the initialization parameters that are applicable for the entire Web application.


• The getInitParameter() method returns the names of the servlet's initialization parameters as an enumeration of String objects, or an empty enumeration if the servlet has no initialization parameters.


• The getAttribute() method of the ServletRequest interface returns the value of the named attribute as an object. It returns a null value if no attribute with the given name exists.


• Context attributes are not thread safe, since multiple servlets and hence multiple threads in a Web-app can access these attributes. To make a context attribute thread safe, it is necessary to apply a lock on the context.


• Request attributes and local attributes are thread-safe while session variables and context attributes are not.


• There are three type of attributes, namely session attribute, request attribute, and context attribute.


• A servlet context object is contained within the servlet config object, which the Web server provides to the servlet when it is initialized. Using a servlet context, a user can obtain the MIME type of a file, dispatch requests, and write to a log file.


• The getResource(String path) method of the ServletContext interface returns the resource located at the specified path.


• To declare a filter in the deployment descriptor, the <filter-name> and <filter-class> elements are mandatory, while the <init-param> element is optional.


• A filter life-cycle consists of three methods, namely init(), doFilter(), and destroy().


• An object of the FilterChain interface is provided by the container to invoke the next filter in a chain of filters.


• Every filter must implement the Filter interface.


• The <filter> element is present inside the <web-app> element of the deployment descriptor.


• The ServletContextListener interface has the two methods, namely contextInitialized() and contextDestroyed.


• The HttpContextAttributeListener interface has the following three methods:
  
  1. public void attributeAdded(ServletContextAttributeEvent event)
  
  
  2. public void attributeRemoved(ServletContextAttributeEvent event)
  
  
  3. public void attributeReplaced(ServletContextAttributeEvent event)


• The HttpSessionAttributeListener interface is used by the implementing classes to receive notifications whenever attributes are added to, removed from, or replaced in the attribute list of any object of the HttpSession in a Web application.


• The requestInitialized() method of the ServletRequestListener interface takes a ServletRequestEvent object and notifies that the request is about to come into scope of the Web application.


• The requestDestroyed() method of the ServletRequestListener interface takes a ServletRequestEvent object and notifies that the request is about to go out of scope of the Web application.


• The HttpSessionBindingListener interface causes an object of the implementing class to be notified when it is added to or removed from a session. This interface has the following methods:
  
  1. public void valueBound(event)
  
  
  2. public void valueUnbound(event)


• A request can be forwarded from one servlet to another servlet by using a RequestDispatcher.


• The getRequestDispatcher() method is present in the ServletRequest interface as well as in the ServletContext interface. This method returns a RequestDispatcher object that acts as a wrapper for the resource located in the given path.


• A RequestDispatcher object can be obtained in three ways as follows:
  ServletContext.getRequestDispatcher(String path)
  ServletContext.getNamedDispatcher(String name)
  ServletRequest.getRequestDispatcher(String path)


• If the response.sendRedirect() method is invoked after the response is written, i.e., after the response data is flushed, an IllegalStateException will be thrown.


• The getNamedDispatcher() method of the ServletContext interface takes the name of the servlet as a String argument. If a servlet is found, it is wrapped with a RequestDispatcher object, and the RequestDispatcher object is returned. If no servlet is associated with the given name, the method returns null.

Session Management

• The getSession() method of the HttpServletRequest interface returns the current session associated with the request, or creates a new session if no session exists.
• The getCreationTime() method returns the time when the session was created. The time is measured in milliseconds since midnight January 1, 1970.
• The getWriter() method of the ServletResponse interface returns a PrintWriter object suitable for writing character data in the response.


• The setMaxInactiveInterval() method sets the maximum time in seconds before a session becomes invalid.


• The invalidate() method of the HttpSession interface ends the existing session and unbinds all the objects associated with the session.


• The <session-timeout> element of the deployment descriptor sets the session timeout. If the time specified for timeout is zero or negative, the session will never timeout.


• The setMaxInactiveInterval(seconds) method is used set the maximum time before an inactive session will expire.


• Invalidating a session unbinds all the attributes from the session. Hence, attributes no longer exist with the session, and trying to get an attribute from the session will result in IllegalStateException.


• The getCreationTime() method throws an IllegalStateException if it is called on an invalidated session.
• The HttpSessionActivationListener interface notifies an attribute that the session is about to be activated or passivated.


• The HttpSessionListener object is used to notify the class when a session is created or destroyed.


• The session binds the object by a call to the HttpSession.setAttribute() method and unbinds the object by a call to the HttpSession.removeAttribute() method.


• Except for the HttpSessionActivationListener and the HttpSessionBindingListener, all other listeners must be configured in the deployment descriptor.


• The getCookies() method of the HttpServletRequest interface is used to get the cookies from a client. This method returns an array of cookies.


• URL rewriting can be used even if cookies are not supported by the browser.


• The encodeRedirectURL() method of the HttpServletResponse interface, returns a URL by including a session ID in it for use in the sendRedirect() method. If the encoding is not required, the URL is returned unchanged.

Web Application Security

• Data integrity ensures that information has not been modified, altered, or destroyed by a third party while it is in transit.


• Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data.


• Authorization is a process that verifies whether a user has permission to access a Web resource.


• The isUserInRole() method of the HttpServletRequest interface indicates whether the authenticated user is included in the role specified in the deployment descriptor. Roles and role membership can be defined in the element of the deployment descriptor. If the user has not been authenticated, this method returns false.


• The <auth-constraint> element is a sub-element of the <security-constraint> element. It defines the roles that are allowed to access the Web resources specified by the <web-resource-collection> sub-elements.


• If there is no auth-constraint, or if role-name is specified as * , all users are allowed access to the resource. If auth-constraint is empty, no user is allowed access to the resource.


• The <web-resource-collection> element specifies the resources that will be constrained.


• The <transport-guarantee> element can have any of three values as follows:
  
  1. NONE
  
  
  2. CONFIDENTIAL
  
  
  3. INTEGRAL


• The <login-config> element is used to specify the type of authentication and the type of security realm associated with the resource.


• The <web-resource-collection> element is a sub-element of the <security-constraint> element and specifies the resources that will be constrained.


• The <form-login-config> sub-element of the <login-config> element specifies the error page that should be used in FORM based login.


• Form-based authentication allows users to create their own custom forms.


• The <auth-method> sub-element of the <login-form> element specifies the type of user authentication. Possible values for this element are BASIC, FORM, and CLIENT-CERT. This element is optional; however, if it is not included, the server defaults to Basic Authentication, which is not very secure.


• The BASIC authentication transmits username and password over the network in the form of Base64 encoding.


• DIGEST authentication is an authentication method that transmits data in encrypted form. It is secure, as passwords are encrypted and cannot be determined by sniffing network traffic. However, this authentication method is not supported by all browsers.

The JavaServer Pages (JSP) Technology Model

• The <scripting-invalid> element is used to disable scripting through the deployment descriptor.


• There are four type of scopes available in <jsp:useBean>. They are as follows:
  
  1. The page scope
  
  
  2. The request scope
  
  
  3. The application scope
  
  
  4. The session scope
• When a JSP page is translated to a servlet, the scriptlet code goes into the service() method.


• A page directive allows a user to set the page-specific properties for a JSP.


• The <jsp:useBean> standard action has the following attributes:
  • id
  • class
  • beanName
  • type
  • scope
• Either the type or class attribute must be specified for the <jsp:useBean> standard action.


• The name attribute of the <jsp: getProperty> should match the id attribute of the bean instance as declared by a the <jsp:useBean> standard action.


• In order to retrieve the values of the bean properties to the output stream, the action is used. It has two mandatory attributes, name and property. The name attribute should match the id attribute of the bean instance as declared by the action.


• The import attribute of a page directive allows a user to import a specific package when a JSP is translated to a servlet. This is the only attribute in a page directive that can be used multiple times.


• JSP directives serve as a message from a JSP page to the JSP container and control the processing of the entire page. They are used to set global values such as a class declaration, method implementation, output content type, etc.


• The include directive inserts code of the included file into a JSP page at translation time, i.e., when the JSP page is compiled.


• The page directive has an attribute called contentType that is used to set the MIME type, i.e., the content type of the response.


• A tag directive is similar to a page directive and has all the attributes similar to a page directive plus an extra attribute called body-content. The body-content attribute can be scriptless, tagdependent, or empty.


• An XML-based JSP document should be enclosed between the <jsp:root> and </ jsp:root> tags.


• The jspInit() method is invoked by the container only once when a JSP page is initialized. It can be overridden by a page author to initialize resources, such as database and network connections, and to allow a JSP page to read persistent configuration.


• When the container receives a request for the first time, it translates a JSP page to a servlet, compiles the servlet, and loads the generated class file.


• The _jspService() method of the javax.servlet.jsp.HttpJspPage interface is invoked every time a new request comes to a JSP page. This method takes the HttpServletRequest and HttpServletResponse objects as its arguments. A page author cannot override this method, as its implementation is provided by the container.


• The JSP implicit objects do not need to be declared or instantiated by the JSP author, but are provided by the container in the implementation classes.


• The include directive inserts code of the included file into a JSP page at translation time, i.e., when the JSP page is compiled. This include mechanism is also known as static include.


• The pageContext.include() method always flushes the output of the current page before including the other components, whereas flushes the output of the current page only if the value of flush is explicitly set to true.


• Expression languages are always within curly braces, and prefixed with a dollar sign that is .


• The <jsp:include> standard action enables the current JSP page to include a static or a dynamic resource at runtime. In contrast to the include directive, the include action is used for resources that change frequently. The resource to be included must be in the same context.


• The param implicit object maps a request parameter name to a single value. If there are multiple values in a parameter, they are printed using the paramValues implicit object.


• The dot operator is used in the expression language to retrieve a named property of either a bean or a Map.


• When using the dot operator, the variableName can be a Java bean or a Map, and the propertyName can be a key or a bean property.


• The indexing operator [] is used in the expression language to retrieve properties of a Java bean, a Map, an array, or a List. It can be used in all places where a dot operator is used.


• A [] operator can accept a Map key, a bean property, a List, or an array index. It can accept an integer or any String that can be converted to an integer.


• If the dot operator is used to access the bean property but the property does not exist, a runtime exception is thrown.


• The ge operator checks whether the first operand is greater than or equal to the second operand. The gt operator checks whether the first operand is greater than the second operand. The div operator returns the result of the division of first operand by the second.


• While performing EL arithmetic operations, the operands are converted to their primitive values.
  In EL, true and false are reserved words. For an arithmetic operation, an undefined variable is treated as zero.


• The name of the class containing an EL function should be mapped in the TLD using the <function-class> sub-element of the <function> element.


• In order to use an EL function, the following files are required:
  
  1. A class with a public static method
  
  
  2. A TLD that maps the EL function class to a JSP page
  
  
  3. A JSP that invokes the EL function

Building JSP Pages Using Standard Actions
The <jsp:setProperty> standard action is used with the <jsp:useBean> standard action to set the bean properties. This standard action has the mandatory name and property attributes.

• The scope attributeof the <jsp:useBean> specifies the scope within which the reference is available. It is an optional attribute and defaults to page.


• The attributes mandatory to use in order to instantiate a JavaBean are id and class. The scope attribute, if not specified, defaults to page. The other attributes, i.e., the type and name of the bean, are not mandatory.


• The <jsp:setproperty> standard action is used with the <jsp:useBean> standard action to set the bean properties. This standard action has the mandatory name and property attributes.


• The <jsp:param> standard action is used with <jsp:include> or <jsp:forward> to pass parameter names and values to the target resource.


• The <jsp:forward> standard action forwards a response from a servlet or a JSP page to another page. The execution of the current page is stopped and control is transferred to the forwarded page.

Building JSP Pages Using Tag Libraries

• The taglib prefix attribute is mandatory for creating a taglib directive and precedes the custom tag name. It must be unique within the page.


• A tag library is a collection of classes and meta information for using custom tags.


• The uri element of the taglib directive matches the sub-element of the element in the deployment descriptor.


• The <rtexprvalue> element is a sub-element of the <attribute> element. It stands for runtime expression and specifies whether the attribute is evaluated at translation or at runtime.


• The <tag-class> element is used to describe the fully qualified name of the class that implements the functionality of this tag. The <tag> element gives information about the tag and contains sub-elements, such as <name>, <description>, etc.


• The <taglib> element has two sub-elements, namely <taglib-location> and <taglib-uri>.


• The <c:forEach> tag pulls out one element at a time from a stack, and prints that element in a dynamically-generated manner.


• The <c:catch> tag is similar to the try-catch block, as the tag is used to handle exceptions. However, unlike the try-catch block, there is no separate try block in the <c:catch> tag.
  
• If the value attribute of the <c:set> tag evaluates to null, the attribute pointed by var will be removed. However, if the var attribute does not exist, it will be created if the specified value is not null.


• The <c:out> tag evaluates an expression and writes its value to the output stream.

Building a Custom Tag Library

• The possible return values for various methods of a classic tag handler are as follows:
  doStartTag()
  
  1. SKIP_BODY
  
  
  2. EVAL_BODY_INCLUDE
  
  doAfterBody()
  
  1. SKIP_BODY
  
  
  2. EVAL_BODY_AGAIN
  
  doEndTag()
  
  1. SKIP_PAGE
  
  
  2. EVAL_PAGE
• The doAfterbody() method is called on a tag that implements the IterationTag interface. It returns EVAL_BODY_AGAIN to evaluate the body of the tag on the current page.


• Classic tag handlers can implement the Tag, IterationTag, or BodyTag interface.


• The doEndTag() method of the Tag interface is called by the JSP engine when it encounters the closing tag.


• The doAfterBody method of the IterationTag interface is called after each evaluation of the tag.


• The doStartTag() method of the Tag interface is called after a tag has been initialized. This occurs at runtime when the JSP engine encounters the opening of the tag.


• The findAttribute() method of the JspContext class takes a single String argument.


• The functions performed by the pageContext implicit object are as follows:
  
  1. Managing various scoped namespaces
  
  
  2. Accessing various public objects
  
  
  3. Obtaining the JspWriter for output
  
  
  4. Managing session usage by the page
  
  
  5. Forwarding or including the current request to other active components in the application
  
  
  6. Handling errorpage exception processing


• The pageContext implicit object uses the forward() method of the PageContext class to forward the current ServletRequest and ServletResponse objects to another active component in the application. It uses the include() method to include the resource specified to be processed as part of the current ServletRequest or ServletResponse object.


• The findAttribute() method of the JspContext class searches for the named attribute in the page, request, session, and application scopes in this order.


• The getParentTag() method is present in two interfaces, namely Tag for classic custom tags and SimpleTag for simple custom tags. This method is used when custom tags are nested one inside the other.


• The outer tag is called the parent tag and the inner tag is called the child tag. A child element uses this method to call its parent.


• The findAncestorWithClass() method is present in two classes, namely TagSupport for classic tag handlers, and SimpleTagSupport for simple tag handlers. It is a static method that finds the closest ancestor of the given tag and class.


• The findAncestorWithClass() method internally calls the getParent method to get further reference.
  A simple tag handler is a Java class that extends the SimpleTagSupport class.


• The SimpleTag interface extends the JspTag interface and provides methods to support simple tag handlers. The doTag() method of the SimpleTag interface is used by the container when a JSP page invokes the tag using the name declared in the TLD file.


• The SkipPageException is thrown by a simple tag handler to indicate that the remainder of the page must not be evaluated.


• The variable directive is used to declare variables in a tag file.


• The <jsp:doBody> standard action is used only with tag files. It is used to invoke the body of a tag. The <jsp:invoke> standard action is similar to and can be used only in a tag file. It is used to evaluate a fragment attribute.


• The body-content is a mandatory attribute for the tag directive and defines the content of the tag body.

J2EE Patterns

• Business Delegate, Service Locator, and Transfer Object are used in business tier. Front controller and Intercepting filter are used in presentation tier.


• Business Delegate is a business tier component that provides a proxy interface to various business services.


• Service Locator is a J2EE design pattern that uses the Java Naming and Directory Service


• An intercepting filter is a used to modify incoming requests from a client to a servlet and send the response back to the client.


• Transfer Object is a serializable class that is used to transfer data between different tiers in an application.


• The Business Delegate model provides control and protection for the business service and reduces coupling between client and system's business services.


• The Transfer Object model reduce the network traffic by collapsing multiple remote requests into one. It may be implemented as a serializable object, so that it can be moved across the network.


• A Business Delegate model provides control and protection for the business service.

Rating: