Home > Store

More Servlets and JavaServer Pages (JSP)

Register your product to gain access to bonus material or receive a coupon.

More Servlets and JavaServer Pages (JSP)

Book

  • Sorry, this book is no longer in print.
Not for Sale

Description

  • Copyright 2002
  • Dimensions: K
  • Pages: 752
  • Edition: 1st
  • Book
  • ISBN-10: 0-13-067614-4
  • ISBN-13: 978-0-13-067614-6

  • Companion to the worldwide bestseller Core Servlets and JavaServer Pages
  • Practical guide to the use of the Java Platform for Web-enabled applications and dynamic Web sites
  • Focus on new capabilities: the servlet 2.3 and JSP 1.2 specifications, the standard JSP tag library (JSPTL), filters, life-cycle event listeners, security, Web applications, and much more
  • Configuration and usage details for Apache Tomcat, Macromedia JRun, and New Atlanta ServletExec

The Java 2 Platform has become the technology of choice for developing professional e-commerce applications, dynamic Web pages, and Web-enabled applications and services. Servlet and JSP technology is the foundation of this platform: it provides the link between Web clients and server-side applications. But, the field has been evolving rapidly, and few developers have been able to keep up. In this companion to Core Servlets and JavaServer Pages, Marty Hall shows you how to apply recent advances in servlet and JSP technology. The book provides everything you need to know to leverage the latest servlet 2.3 and JSP 1.2 standards: real-world insight, advanced techniques, industrial-strength code, and hands on coverage of three top servers: Apache Tomcat, Macromedia JRun, and New Atlanta ServletExec.

  • Part I gives a thorough introduction to programming with servlet and JSP technology. It shows you how to configure your server, read form data and HTTP headers, handle cookies, track sessions, apply JSP scripting elements, use JavaBeans components, develop JSP tag libraries, and apply the MVC architecture.
  • Part II provides exhaustive details on Web application development and deployment. It explains how to register Web applications, how to organize them, how to deploy them in WAR files, how to deal with relative URLs, and how to share data among Web applications. It also gives details on every element in version 2.3 of the deployment descriptor (web.xml).
  • Part III describes Web application security in detail. It explains two general strategies for securing your applications: declarative security and programmatic security. Within each of these strategies, it shows you how to use form-based or BASIC authentication and how to protect your network traffic with SSL.
  • Part IV covers two features introduced with servlets 2.3: filters and life-cycle events. It explains how to use filters to debug, modify, and optimize the output of previously existing servlets and JSP pages. It also shows you how to use event listeners to respond to major events in the server life cycle.
  • Part V looks at new tag library developments. It shows you how to improve your own tag libraries by making use of new capabilities of the JSP 1.2 specification and explains how to streamline your code by using the new standard JSP tag library (JSPTL).

More Servlets and JavaServer Pages delivers:

  • The same clear, step-by-step explanations that make Marty's books so popular
  • In-depth, hands-on coverage of the latest standards: servlets 2.3 and JSP 1.2
  • Hundreds of completely portable, fully documented, industrial-strength examples
  • On-line access to all source code, available free for unrestricted use

Sample Content

Online Sample Chapters

A Fast Introduction to Basic Servlet Programming

Declarative Web Application Security with Servlets and JSP

Servlet and JSP Application Events Framework

Using and Deploying Web Applications with Servlets and JSP

Table of Contents



Acknowledgments.


About the Author.


Introduction.


Who Should Read This Book.


Book Distinctives.

Integrated Coverage of Servlets and JSP. Real Code. Step-by-Step Instructions. Server Configuration and Usage Details.



How This Book Is Organized.

I. The Basics. II. Web Applications. III. Web Application Security. IV. Major New Servlet JSP Capabilities. V. New Tag Library Capabilities.



Conventions.


About the Web Site.

I. THE BASICS.

1. Server Setup and Configuration.

Download the Java Development Kit (JDK). Download a Server for Your Desktop. Change the Port and Configure Other Server Settings. Test the Server. Try Some Simple HTML and JSP Pages. Set Up Your Development Environment. Compile and Test Some Simple Servlets. Establish a Simplified Deployment Method. Deployment Directories for Default Web Application: Summary.

2. A Fast Introduction to Basic Servlet Programming.

The Advantages of Servlets Over “Traditional” CG. Basic Servlet Structure. The Servlet Life Cycle. The Client Request: Form Data. The Client Request: HTTP Request Headers. The Servlet Equivalent of the Standard CGI Variables. The Server Response: HTTP Status Codes. The Server Response: HTTP Response Headers. Cookies. Session Tracking.

3. A Fast Introduction to Basic JSP Programming.

JSP Overview. Advantages of JSP. Invoking Code with JSP Scripting Elements. Structuring Autogenerated Servlets: The JSP page Directive. Including Files and Applets in JSP Documents. Using JavaBeans with JSP. Defining Custom JSP Tag Libraries. Integrating Servlets and JSP: The MVC Architecture.

II. WEB APPLICATIONS.
4. Using and Deploying Web Applications.

Registering Web Applications. Structure of a Web Application. Deploying Web Applications in WAR Files. Recording Dependencies on Server Libraries. Handling Relative URLs in Web Applications. Sharing Data Among Web Applications.

5. Controlling Web Application.

Behavior with web.xml. Defining the Header and Root Elements. The Order of Elements within the Deployment Descriptor. Assigning Names and Custom URLs. Disabling the Invoker Servlet. Initializing and Preloading Servlets and JSP Pages. Declaring Filters. Specifying Welcome Pages. Designating Pages to Handle Errors. Providing Security. Controlling Session Timeouts. Documenting Web Applications. Associating Files with MIME Types. Locating Tag Library Descriptors. Designating Application Event Listeners. J2EE Elements.

6. A Sample Web Application: An Online Boat Shop.

General Configuration Files. The Top-Level Page. The Second-Level Pages. The Item Display Servlet. The Purchase Display Page.

III. WEB APPLICATION SECURITY.

7. Declarative Security.

Form-Based Authentication. Example: Form-Based Authentication. BASIC Authentication. Example: BASIC Authentication. Configuring Tomcat to Use SSL.

8. Programmatic Security.

Combining Container-Managed and Programmatic Security.

Example: Combining Container-Managed and Programmatic Security. Handling All Security Programmatically. Example: Handling All Security Programmatically. Using Programmatic Security with SSL. Example: Programmatic Security and SSL.

IV. MAJOR NEW SERVLET AND JSP CAPABILITIES.

9. Servlet and JSP Filters.

Creating Basic Filters. Example: A Reporting Filter. Accessing the Servlet Context from Filters. Example: A Logging Filter. Using Filter Initialization Parameters. Example: An Access Time Filter. Blocking the Response. Example: A Prohibited-Site Filter. Modifying the Response. Example: A Replacement Filter. Example: A Compression Filter. The Complete Filter Deployment Descriptor.

10. The Application Events Framework.

Monitoring Creation and Destruction of the Servlet Context. Example: Initializing Commonly Used Data. Detecting Changes in Servlet Context Attributes. Example: Monitoring Changes to Commonly Used Data. Packaging Listeners with Tag Libraries. Example: Packaging the Company Name Listeners. Recognizing Session Creation and Destruction. Example: A Listener That Counts Sessions. Watching for Changes in Session Attributes. Example: Monitoring Yacht Orders. Using Multiple Cooperating Listeners. The Complete Events Deployment Descriptor.

V. NEW TAG LIBRARY CAPABILITIES.

11. New Tag Library Features in JSP 1.2.

Using the New Tag Library Descriptor Format. Bundling Listeners with Tag Libraries. Checking Syntax with TagLibraryValidator. Aside: Parsing XML with SAX 2.0. Handling Exceptions with the TryCatchFinally Interface. New Names for Return Values. Looping without Generating BodyContent. Introducing Scripting Variables in the TLD File.

12. The JSP Standard Tag Library.

Using JSTL: An Overview. Installing and Configuring JSTL. Looping with the forEach Tag. Accessing the Loop Status. Looping with the forTokens Tag. Evaluating Items Conditionally. Using the Expression Language.

Appendix: Server Organization and Structure.
Index.

Preface

Introduction

Suppose your company wants to sell products online. You have a database that gives the price and inventory status of each item. But, your database doesn't speak HTTP, the protocol that Web browsers use. Nor does it output HTML, the format Web browsers need. What can you do? Once users know what they want to buy, how do you gather that information? You want to customize your site based on visitors' preferences and interests-how? You want to let users see their previous purchases, but you don't want to reveal that information to other visitors. How do you enforce these security restrictions? When your Web site becomes popular, you might want to compress pages to reduce bandwidth. How can you do this without causing your site to fail for the 30% of visitors whose browsers don't support compression? In all these cases, you need a program to act as the intermediary between the browser and some server-side resource. This book is about using the Java platform for this type of program.

"Wait a second," you say. "Didn't you already write a book about that?" Well, yes. In May of 2000, Sun Microsystems Press and Prentice Hall released my second book, Core Servlets and JavaServer Pages. It was successful beyond everyone's wildest expectations, selling approximately 100,000 copies in the first year, getting translated into Bulgarian, Chinese, Czech, French, German, Hebrew, Japanese, Korean, Polish, Russian, and Spanish, and being chosen by Amazon.com as one of the top five computer programming books of 2001. Even better, I was swamped with requests for what I really like doing: teaching short courses for developers in industry. Despite having to decline most of the requests, I was still able to teach servlet and JSP short courses in Australia, Canada, Japan, the Philippines, and at a variety of U.S. venues. What fun!

Since then, use of servlets and JSP has continued to grow at a phenomenal rate. The Java 2 Platform has become the technology of choice for developing e-commerce applications, dynamic Web sites, and Web-enabled applications and service. Servlets and JSP continue to be the foundation of this platform—they provide the link between Web clients and server-side applications. Virtually all major Web servers for Windows, Unix (including Linux), MacOS, VMS, and mainframe operating systems now support servlet and JSP technology either natively or by means of a plugin. With only a small amount of configuration, you can run servlets and JSP in Microsoft IIS, iPlanet/Netscape Enterprise Server, the Apache Web Server, IBM WebSphere, BEA WebLogic, and dozens of other servers. Performance of both commercial and open-source servlet and JSP engines has improved significantly.

However, the field continues to evolve rapidly. For example:

  • The official servlet and JSP reference implementation is no longer developed by Sun. Instead, it is Apache Tomcat, an open-source product developed by a team from many different organizations.
  • Use of Web applications to bundle groups of servlets and JSP pages has grown significantly.
  • Portable mechanisms for enforcing Web application security have started to displace the server-specific mechanisms that were formerly used.
  • Version 2.3 of the servlet specification was released (August 2001). New features in this specification include servlet and JSP filters, application life-cycle event handlers, and a number of smaller additions and changes to existing APIs and to the deployment descriptor (web.xml).
  • Version 1.2 of the JSP specification was released (also August 2001). This version lets you bundle event listeners with tag libraries, lets you designate XML-based programs to check the syntax of pages that use custom tags, and supplies interfaces that let your custom tags loop more efficiently and handle errors more easily. JSP 1.2 also makes a number of smaller changes and additions to existing APIs and to the TLD file format.
  • XML has become firmly entrenched as a data-interchange language. Servlet and JSP pages use it for configuration files. Tag library validators can use it to verify custom tag syntax. JSP pages can be represented entirely in XML.
  • Throughout 2000 and 2001, the JSR-052 expert group put together a standard tag library for JSP. In November of 2001 they released early access version 1.2 of this library, called JSTL (JSP Standard Tag Library). This library provides standard tags for simple looping, iterating over a variety of data structures, evaluating content conditionally, and accessing objects without using explicit scripting code.

Whew. Lots of changes. The new features are very useful, but is there a single place where you can learn about all of them? Here! That's why I wrote this book: to show developers how to make use of all of these new features. If you aren't familiar with basic servlet and JSP development, don't worry. I provide a thorough review at the beginning of the book.

Who Should Read This Book

This book is aimed at two main groups.

The first group is composed of people who are familiar with basic servlet and JSP development and want to learn how to make use of all the new capabilities I just described.

However, if you are new to this technology, there is no need to go away and learn older servlet and JSP versions and then come back to this book. Assuming you are familiar with the basics of the Java programming language itself, you fit into the second main group for whom this book is designed. For you, I start the book with a detailed review of the foundations of servlet and JSP programming, set in the context of the servlet 2.3 and JSP 1.2 specifications. Furthermore, when space prevents coverage of some of the finer points of basic development, I cite the specific sections of Core Servlets and JavaServer Pages that provide details and put those sections online at http://www.moreservlets.com.

Although this book is well suited for both experienced servlet and JSP programmers and newcomers to the technology, it assumes that you are familiar with basic Java programming. You don't have to be an expert Java developer, but if you know nothing about the Java programming language, this is not the place to start. After all, servlet and JSP technology is an application of the Java programming language. If you don't know the language, you can't apply it. So, if you know nothing about basic Java development, start with a good introductory book like Thinking in Java, Core Java, or Core Web Programming. Come back here after you are comfortable with at least the basics.

Book Distinctives

This book has four important characteristics that set it apart from many other similar-sounding books:

  • Integrated coverage of servlets and JSP. The two technologies are closely related; you should learn and use them together.
  • Real code. Complete, working, documented programs are essential to learning; I provide lots of them.
  • Step-by-step instructions. Complex tasks are broken down into simple steps that are illustrated with real examples.
  • Server configuration and usage details. I supply lots of concrete examples to get you going quickly.

Integrated Coverage of Servlets and JSP

One of the key philosophies behind Core Servlets and JavaServer Pages was that servlets and JSP should be learned (and used!) together, not separately. After all, they aren't two entirely distinct technologies: JSP is just a different way of writing servlets. If you don't know servlet programming, you can't use servlets when they are a better choice than JSP, you can't use the MVC architecture to integrate servlets and JSP, you can't understand complex JSP constructs, and you can't understand how JSP scripting elements work (since they are really just servlet code). If you don't understand JSP development, you can't use JSP when it is a better option than servlet technology, you can't use the MVC architecture, and you are stuck using print statements even for pages that consist almost entirely of static HTML.

In this book, an integrated approach is more important than ever. Web applications let you bundle both servlets and JSP pages into a single file or directory. The custom URLs, initialization parameters, preload settings, and session timeouts of the deployment descriptor apply equally to servlets and JSP pages. Declarative security applies equally to both technologies. The new filtering capability applies to both. Event listeners apply to both. The jx portion of the JSP standard tag library (JSTL) is mostly predicated on the assumption that the JSP page is presenting data that was established by a servlet. Servlets and JSP go together!

Real Code

Sure, small code snippets are useful for introducing concepts. The book has lots of them. But, for you to really understand how to use various techniques, you also need to see the techniques in the context of complete working programs. Not huge programs: just ones that have no missing pieces and thus really run. I provide plenty of such programs, all of them documented and available for unrestricted use at www.moreservlets.com.

Step-by-Step Instructions

When I was a graduate student (long before Java existed), I had an Algorithms professor who explained in class that he was a believer in step-by-step instructions. I was puzzled: wasn't everyone? Not at all. Sure, most instructors explained simple tasks that way, but this professor took even highly theoretical concepts and said "first you do this, then you do that," and so on. The other instructors didn't explain things this way; neither did my textbooks. But, it helped me enormously.

If such an approach works even for theoretical subjects, how much more should it work with applied tasks like those described in this book?

Server Configuration and Usage Details

When I first tried to learn server-side programming, I grabbed a couple of books, the official specifications, and some online papers. Almost without fail, they said something like "since this technology is portable, we won't cover specifics of any one server." Aargh. I couldn't even get started. After hunting around, I downloaded a server. I wrote some code. How did I compile it? Where did I put it? How did I invoke it?

Servlet and JSP code is portable. The APIs are standardized. But, server structure and organization are not standardized. The directory in which you place your code is different on ServletExec than it is on JRun. You set up SSL differently with Tomcat than you do with other servers. These details are important.

Now, I'm not saying that this is a book that is specific to any particular server. I'm just saying that when a topic requires server-specific knowledge, it is important to say so. Furthermore, specific examples are helpful. So, when I describe a topic that requires server-specific information like the directory in which to place a Web application, I first explain the general pattern that servers tend to follow. Then, I give very specific details for three of the most popular servers that are available without cost for desktop development: Apache Tomcat, Macromedia/Allaire JRun, and New Atlanta ServletExec.

How This Book Is Organized

This book consists of five parts:

  • Part I: The Basics. Server setup and configuration. Basic servlet programming. Basic JSP programming.
  • Part II: Web Applications. Using and deploying Web applications. Controlling behavior with web.xml. A larger example.
  • Part III: Web Application Security. Declarative security. Programmatic security. SSL.
  • Part IV: Major New Servlet and JSP Capabilities. Servlet and JSP filters. Application life-cycle event listeners.
  • Part V: New Tag Library Capabilities. New tag library features in JSP 1.2. The JSP Standard Tag Library (JSTL).

Part I: The Basics

  • Server setup and configuration.
  • Downloading the JDK.
  • Obtaining a development server.
  • Configuring and testing the server.
  • Deploying and accessing HTML and JSP pages.
  • Setting up your development environment.
  • Deploying and accessing servlets.
  • Simplifying servlet and JSP deployment.
  • Basic servlet programming.
  • The advantages of servlets over competing technologies.
  • The basic servlet structure and life cycle.
  • Servlet initialization parameters.
  • Access to form data.
  • HTTP 1.1 request headers, response headers, and status codes.
  • The servlet equivalent of the standard CGI variables.
  • Cookies in servlets.
  • Session tracking.
  • Basic JSP programming.
  • Understanding the benefits of JSP.
  • Invoking Java code with JSP expressions, scriptlets, and declarations.
  • Structuring the servlet that results from a JSP page.
  • Including files and applets in JSP documents.
  • Using JavaBeans with JSP.
  • Creating custom JSP tag libraries.
  • Combining servlets and JSP: the Model View Controller (Model 2) architecture.

Part II: Web Applications

  • Using and deploying Web applications.
  • Registering Web applications with the server.
  • Organizing Web applications.
  • Deploying applications in WAR files.
  • Recording Web application dependencies on shared libraries.
  • Dealing with relative URLs.
  • Sharing data among Web applications.
  • Controlling Web application behavior with web.xml.
  • Customizing URLs.
  • Turning off default URLs.
  • Initializing servlets and JSP pages.
  • Preloading servlets and JSP pages.
  • Declaring filters for servlets and JSP pages.
  • Designating welcome pages and error pages.
  • Restricting access to Web resources.
  • Controlling session timeouts.
  • Documenting Web applications.
  • Specifying MIME types.
  • Locating tag library descriptors.
  • Declaring event listeners.
  • Accessing J2EE Resources.
  • Defining and using a larger Web application.
  • The interaction among components in a Web application.
  • Using sessions for per-user data.
  • Using the servlet context for multiuser data.
  • Managing information that is accessed by multiple servlets and JSP pages.
  • Eliminating dependencies on the Web application name.

Part III: Web Application Security

  • Declarative security.
  • Understanding the major aspects of Web application security.
  • Authenticating users with HTML forms.
  • Using BASIC HTTP authentication.
  • Defining passwords in Tomcat, JRun, and ServletExec.
  • Designating protected resources with the security-constraint element.
  • Using login-config to specify the authentication method.
  • Mandating the use of SSL.
  • Configuring Tomcat to use SSL.
  • Programmatic security.
  • Combining container-managed and programmatic security.
  • Using the isUserInRole method.
  • Using the getRemoteUser method.
  • Using the getUserPrincipal method.
  • Programmatically controlling all aspects of security.
  • Using SSL with programmatic security.

Part IV: Major New Servlet JSP Capabilities

  • Servlet and JSP filters.
  • Designing basic filters.
  • Reading request data.
  • Accessing the servlet context.
  • Initializing filters.
  • Blocking the servlet or JSP response.
  • Modifying the servlet or JSP response.
  • Using filters for debugging and logging.
  • Using filters to monitor site access.
  • Using filters to replace strings.
  • Using filters to compress the response.
  • Application life-cycle event listeners.
  • Understanding the general event-handling strategy.
  • Monitoring servlet context initialization and shutdown.
  • Setting application-wide values.
  • Detecting changes in attributes of the servlet context.
  • Recognizing creation and destruction of HTTP sessions.
  • Analyzing overall session usage.
  • Watching for changes in session attributes.
  • Tracking purchases at an e-commerce site.
  • Using multiple cooperating listeners.
  • Packaging listeners in JSP tag libraries.

Part V: New Tag Library Capabilities

  • New tag library features in JSP 1.2.
  • Converting TLD files to the new format.
  • Bundling life-cycle event listeners with tag libraries.
  • Checking custom tag syntax with TagLibraryValidator.
  • Using the Simple API for XML (SAX) in validators.
  • Handling errors with the TryCatchFinally interface.
  • Changing names of method return values.
  • Looping without creating BodyContent.
  • Declaring scripting variables in the TLD file.
  • The JSP Standard Tag Library (JSTL).
  • Downloading and installing the standard JSP tag library.
  • Reading attributes without using Java syntax.
  • Accessing bean properties without using Java syntax.
  • Looping an explicit number of times.
  • Iterating over various data structures.
  • Checking iteration status.
  • Iterating with string-based tokens.
  • Evaluating expressions conditionally.
  • Using the JSTL expression language to set attributes, return values, and declare scripting variables.

About the Web Site

The book has a companion Web site at http://www.moreservlets.com/. This free site includes:

  • Documented source code for all examples shown in the book; this code can be downloaded for unrestricted use.
  • Up-to-date download sites for servlet and JSP software.
  • Links to all URLs mentioned in the text of the book.
  • Information on book discounts.
  • Reports on servlet and JSP short courses.
  • Book additions, updates, and news.

Updates

Submit Errata

More Information

Unlimited one-month access with your purchase
Free Safari Membership