NEW TITLE RELEASE ANNOUNCEMENT
See the latest about a temporary release delay on new titles. Learn more.
The Java 2 Platform has become the technology of choice for developing professional e-commerce applications, dynamic Web pages, and Web-enabled applications and services. Servlet and JSP technology is the foundation of this platform: it provides the link between Web clients and server-side applications. But, the field has been evolving rapidly, and few developers have been able to keep up. In this companion to Core Servlets and JavaServer Pages, Marty Hall shows you how to apply recent advances in servlet and JSP technology. The book provides everything you need to know to leverage the latest servlet 2.3 and JSP 1.2 standards: real-world insight, advanced techniques, industrial-strength code, and hands on coverage of three top servers: Apache Tomcat, Macromedia JRun, and New Atlanta ServletExec.
More Servlets and JavaServer Pages delivers:
About the Author.
Who Should Read This Book.
Integrated Coverage of Servlets and JSP. Real Code. Step-by-Step Instructions. Server Configuration and Usage Details.
I. The Basics. II. Web Applications. III. Web Application Security. IV. Major New Servlet JSP Capabilities. V. New Tag Library Capabilities.
I. THE BASICS.1. Server Setup and Configuration.
Download the Java Development Kit (JDK). Download a Server for Your Desktop. Change the Port and Configure Other Server Settings. Test the Server. Try Some Simple HTML and JSP Pages. Set Up Your Development Environment. Compile and Test Some Simple Servlets. Establish a Simplified Deployment Method. Deployment Directories for Default Web Application: Summary.2. A Fast Introduction to Basic Servlet Programming.
The Advantages of Servlets Over “Traditional” CG. Basic Servlet Structure. The Servlet Life Cycle. The Client Request: Form Data. The Client Request: HTTP Request Headers. The Servlet Equivalent of the Standard CGI Variables. The Server Response: HTTP Status Codes. The Server Response: HTTP Response Headers. Cookies. Session Tracking.3. A Fast Introduction to Basic JSP Programming.
JSP Overview. Advantages of JSP. Invoking Code with JSP Scripting Elements. Structuring Autogenerated Servlets: The JSP page Directive. Including Files and Applets in JSP Documents. Using JavaBeans with JSP. Defining Custom JSP Tag Libraries. Integrating Servlets and JSP: The MVC Architecture.II. WEB APPLICATIONS.
Registering Web Applications. Structure of a Web Application. Deploying Web Applications in WAR Files. Recording Dependencies on Server Libraries. Handling Relative URLs in Web Applications. Sharing Data Among Web Applications.5. Controlling Web Application.
Behavior with web.xml. Defining the Header and Root Elements. The Order of Elements within the Deployment Descriptor. Assigning Names and Custom URLs. Disabling the Invoker Servlet. Initializing and Preloading Servlets and JSP Pages. Declaring Filters. Specifying Welcome Pages. Designating Pages to Handle Errors. Providing Security. Controlling Session Timeouts. Documenting Web Applications. Associating Files with MIME Types. Locating Tag Library Descriptors. Designating Application Event Listeners. J2EE Elements.6. A Sample Web Application: An Online Boat Shop.
General Configuration Files. The Top-Level Page. The Second-Level Pages. The Item Display Servlet. The Purchase Display Page.
III. WEB APPLICATION SECURITY.7. Declarative Security.
Form-Based Authentication. Example: Form-Based Authentication. BASIC Authentication. Example: BASIC Authentication. Configuring Tomcat to Use SSL.8. Programmatic Security.
Combining Container-Managed and Programmatic Security.
Example: Combining Container-Managed and Programmatic Security. Handling All Security Programmatically. Example: Handling All Security Programmatically. Using Programmatic Security with SSL. Example: Programmatic Security and SSL.
IV. MAJOR NEW SERVLET AND JSP CAPABILITIES.9. Servlet and JSP Filters.
Creating Basic Filters. Example: A Reporting Filter. Accessing the Servlet Context from Filters. Example: A Logging Filter. Using Filter Initialization Parameters. Example: An Access Time Filter. Blocking the Response. Example: A Prohibited-Site Filter. Modifying the Response. Example: A Replacement Filter. Example: A Compression Filter. The Complete Filter Deployment Descriptor.10. The Application Events Framework.
Monitoring Creation and Destruction of the Servlet Context. Example: Initializing Commonly Used Data. Detecting Changes in Servlet Context Attributes. Example: Monitoring Changes to Commonly Used Data. Packaging Listeners with Tag Libraries. Example: Packaging the Company Name Listeners. Recognizing Session Creation and Destruction. Example: A Listener That Counts Sessions. Watching for Changes in Session Attributes. Example: Monitoring Yacht Orders. Using Multiple Cooperating Listeners. The Complete Events Deployment Descriptor.
V. NEW TAG LIBRARY CAPABILITIES.11. New Tag Library Features in JSP 1.2.
Using the New Tag Library Descriptor Format. Bundling Listeners with Tag Libraries. Checking Syntax with TagLibraryValidator. Aside: Parsing XML with SAX 2.0. Handling Exceptions with the TryCatchFinally Interface. New Names for Return Values. Looping without Generating BodyContent. Introducing Scripting Variables in the TLD File.12. The JSP Standard Tag Library.
Using JSTL: An Overview. Installing and Configuring JSTL. Looping with the forEach Tag. Accessing the Loop Status. Looping with the forTokens Tag. Evaluating Items Conditionally. Using the Expression Language.Appendix: Server Organization and Structure.
Suppose your company wants to sell products online. You have a database that gives the price and inventory status of each item. But, your database doesn't speak HTTP, the protocol that Web browsers use. Nor does it output HTML, the format Web browsers need. What can you do? Once users know what they want to buy, how do you gather that information? You want to customize your site based on visitors' preferences and interests-how? You want to let users see their previous purchases, but you don't want to reveal that information to other visitors. How do you enforce these security restrictions? When your Web site becomes popular, you might want to compress pages to reduce bandwidth. How can you do this without causing your site to fail for the 30% of visitors whose browsers don't support compression? In all these cases, you need a program to act as the intermediary between the browser and some server-side resource. This book is about using the Java platform for this type of program.
"Wait a second," you say. "Didn't you already write a book about that?" Well, yes. In May of 2000, Sun Microsystems Press and Prentice Hall released my second book, Core Servlets and JavaServer Pages. It was successful beyond everyone's wildest expectations, selling approximately 100,000 copies in the first year, getting translated into Bulgarian, Chinese, Czech, French, German, Hebrew, Japanese, Korean, Polish, Russian, and Spanish, and being chosen by Amazon.com as one of the top five computer programming books of 2001. Even better, I was swamped with requests for what I really like doing: teaching short courses for developers in industry. Despite having to decline most of the requests, I was still able to teach servlet and JSP short courses in Australia, Canada, Japan, the Philippines, and at a variety of U.S. venues. What fun!
Since then, use of servlets and JSP has continued to grow at a phenomenal rate. The Java 2 Platform has become the technology of choice for developing e-commerce applications, dynamic Web sites, and Web-enabled applications and service. Servlets and JSP continue to be the foundation of this platformthey provide the link between Web clients and server-side applications. Virtually all major Web servers for Windows, Unix (including Linux), MacOS, VMS, and mainframe operating systems now support servlet and JSP technology either natively or by means of a plugin. With only a small amount of configuration, you can run servlets and JSP in Microsoft IIS, iPlanet/Netscape Enterprise Server, the Apache Web Server, IBM WebSphere, BEA WebLogic, and dozens of other servers. Performance of both commercial and open-source servlet and JSP engines has improved significantly.
However, the field continues to evolve rapidly. For example:
Whew. Lots of changes. The new features are very useful, but is there a single place where you can learn about all of them? Here! That's why I wrote this book: to show developers how to make use of all of these new features. If you aren't familiar with basic servlet and JSP development, don't worry. I provide a thorough review at the beginning of the book.
This book is aimed at two main groups.
The first group is composed of people who are familiar with basic servlet and JSP development and want to learn how to make use of all the new capabilities I just described.
However, if you are new to this technology, there is no need to go away and learn older servlet and JSP versions and then come back to this book. Assuming you are familiar with the basics of the Java programming language itself, you fit into the second main group for whom this book is designed. For you, I start the book with a detailed review of the foundations of servlet and JSP programming, set in the context of the servlet 2.3 and JSP 1.2 specifications. Furthermore, when space prevents coverage of some of the finer points of basic development, I cite the specific sections of Core Servlets and JavaServer Pages that provide details and put those sections online at
Although this book is well suited for both experienced servlet and JSP programmers and newcomers to the technology, it assumes that you are familiar with basic Java programming. You don't have to be an expert Java developer, but if you know nothing about the Java programming language, this is not the place to start. After all, servlet and JSP technology is an application of the Java programming language. If you don't know the language, you can't apply it. So, if you know nothing about basic Java development, start with a good introductory book like Thinking in Java, Core Java, or Core Web Programming. Come back here after you are comfortable with at least the basics.
This book has four important characteristics that set it apart from many other similar-sounding books:
One of the key philosophies behind Core Servlets and JavaServer Pages was that servlets and JSP should be learned (and used!) together, not separately. After all, they aren't two entirely distinct technologies: JSP is just a different way of writing servlets. If you don't know servlet programming, you can't use servlets when they are a better choice than JSP, you can't use the MVC architecture to integrate servlets and JSP, you can't understand complex JSP constructs, and you can't understand how JSP scripting elements work (since they are really just servlet code). If you don't understand JSP development, you can't use JSP when it is a better option than servlet technology, you can't use the MVC architecture, and you are stuck using print statements even for pages that consist almost entirely of static HTML.
In this book, an integrated approach is more important than ever. Web applications let you bundle both servlets and JSP pages into a single file or directory. The custom URLs, initialization parameters, preload settings, and session timeouts of the deployment descriptor apply equally to servlets and JSP pages. Declarative security applies equally to both technologies. The new filtering capability applies to both. Event listeners apply to both. The jx portion of the JSP standard tag library (JSTL) is mostly predicated on the assumption that the JSP page is presenting data that was established by a servlet. Servlets and JSP go together!
When I was a graduate student (long before Java existed), I had an Algorithms professor who explained in class that he was a believer in step-by-step instructions. I was puzzled: wasn't everyone? Not at all. Sure, most instructors explained simple tasks that way, but this professor took even highly theoretical concepts and said "first you do this, then you do that," and so on. The other instructors didn't explain things this way; neither did my textbooks. But, it helped me enormously.
If such an approach works even for theoretical subjects, how much more should it work with applied tasks like those described in this book?
When I first tried to learn server-side programming, I grabbed a couple of books, the official specifications, and some online papers. Almost without fail, they said something like "since this technology is portable, we won't cover specifics of any one server." Aargh. I couldn't even get started. After hunting around, I downloaded a server. I wrote some code. How did I compile it? Where did I put it? How did I invoke it?
Servlet and JSP code is portable. The APIs are standardized. But, server structure and organization are not standardized. The directory in which you place your code is different on ServletExec than it is on JRun. You set up SSL differently with Tomcat than you do with other servers. These details are important.
Now, I'm not saying that this is a book that is specific to any particular server. I'm just saying that when a topic requires server-specific knowledge, it is important to say so. Furthermore, specific examples are helpful. So, when I describe a topic that requires server-specific information like the directory in which to place a Web application, I first explain the general pattern that servers tend to follow. Then, I give very specific details for three of the most popular servers that are available without cost for desktop development: Apache Tomcat, Macromedia/Allaire JRun, and New Atlanta ServletExec.
This book consists of five parts:
The book has a companion Web site at
http://www.moreservlets.com/. This free site includes: