Index

 
Symbols
 
%= delimiter 166, 170
<%@ include %>. See include directive
 
A
 
absolute URI 287
abstraction 377
access control list 140
accessing JavaBean 269
ACL. See access control list
actions 19, 166, 171, 364, 366, 368, 372
custom 286
forward 225
include 223
plugin 171
standard 172
syntax 172
active resources 22
Active Server Pages 15
addCookie() 43
addDateHeader() 43
addHeader() 43
addIntHeader() 43
alias 366
Apache
Jakarta Project 287
Software Foundation 8
tag libraries 287
Tomcat 8
Web Server 7
application 200
events 88
scope 207
server 22
state 120
APPLICATION_SCOPE 210
applicationScope 236, 239, 500
architecture
in JSP 18
J2EE 15
Model 1 18
Model 2 18
multi-tier 400
attacks 141
attrib 367
attribute 313–314, 357, 359–362, 365–374
attribute scopes 55
context scope 55
request scope 55
session scope 55
attributeAdded() 86–87
attributeRemoved() 87
attributeReplaced() 87
auditing 141
authentication 140
authentication mechanisms 142
web applications 146
authorization 140
authorization constraint 149
autoFlush attribute 184
 
B
 
Base64 145
basic authentication 143
bean
containers 252
initialization 265
variable scope 265
beanName 260
BigDecimal 242, 249
BigInteger 242, 249
body content 313, 316, 353–360, 362–363, 366–374
empty 316
JSP 317
tagdependent 317
BodyContent 319
getEnclosingWriter() 337
getString() 337
BodyTag 319, 333, 353–357, 359, 362
doInitBody() 333–334
EVAL_BODY_BUFFERED 333–334
EVAL_BODY_TAG 333
example 336
setBodyContent() 333–334
BodyTagSupport 319, 339, 355–357, 374
methods 339
body-value 363
buffer attribute 184
bufferSize 239
business delegate 393
business logic 237
 
C
 
caching
GET vs. POST 33
response page 43
results of remote invocations 396
static data 47
Value List Handler pattern 381
CGI scripts 5
See also Common Gateway Interface
class attribute 259
class files 69
classes directory 69
WEB-INF 69
Class.forName() 46
client authentication 145
code reviews 141
collection access 236, 241–242, 249, 501
comments 166, 172
committed 44
Common Gateway Interface 4
limitations 5
compilation
of JSP class into servlets 176
page 175
phase 176
servlets 9
components
application 18
controller 17
J2EE 22
JavaBeans 251
of URI 76
reusing JSP 220
reusing software 219
web 22
conditional statements 191
confidentiality 141
config 204
configuration web application 90
CONNECT 25
containsHeader() 43
content type, common values 42
Content-Length 25
Content-Type 25
contentType attribute 185
context
path 76
scope 55
See also Servlet Context
contextDestroyed() 88–89
contextInitialized() 88–89
cookies 43, 121, 132, 236, 239–240, 500
co-operative tags 343
CORBA 379
custom tags 172
and JavaBeans 347
as custom actions 286
attributes 295
body content 296
buffering the body content 339
descriptor 287
empty 294
hierarchy 322
informing JSP engine 288
libraries 287
nested 297
prefix 293
usage 293, 298
usage in JSP pages 293
validation 347
 
D
 
data access object 382
data integrity 141
data privacy 141
<declaration> 211, 213
declarations 168
and variable initialization 191
JSP 20
JSP syntax 166
jspDestroy() 178
jspInit() 178
order in JSP 190
order of 190
syntax 168
translated as 189
XML syntax 213
declarative security 149
example 152
default web application 70–71
definition 90
DELETE 25
delimiters 17, 170
denial of service attacks 142
deployment descriptor 23, 46, 70, 246, 248–249
overview 71
properties 71, 238, 355–356, 367, 369
sample 72
servlet 73
description 312–313, 315
design patterns 377
business delegate 393
data access object 382
distributed 379
front controller 389
gang of four 377
J2EE 379
model-view-controller 18, 116, 385–386, 391
page-by-page iterator 381
paged-list 381
required for SCWCD 382
service activator 382
service-locator 382
tiers 380
value list handler 381
value object 397
destroy() 48, 104
digest authentication 145
<directive.include> 213
<directive.page> 213
example 211
directives 167, 288
include 167, 220
JSP 19, 167
JSP syntax 166
page 167
syntax 168
taglib 167, 288
translated as 189
XML syntax 213
display-name 312–313
distributed environment 92
HttpSession 93
ServletContext 92
session migration 129
systems 21
web applications 92
div 242
doAfterBody() 329, 353, 356
document root 68
doDelete() 35
doEndTag() 320, 322, 353, 356
doFilter() 104–105
doGet() 35
doHead() 35
doInitBody() 333–334
doOptions() 35
doPost() 35
doPut() 35
doStartTag() 320, 322, 353, 356
doTag() 353–358, 360–362, 372–374
doTrace() 35
doXXX() 35–36
parameters 36
dynamic attributes 359–360, 362, 367–368, 372–373
dynamic inclusion 223
passing parameters 226
sharing objects 228
DynamicValues 359
 
E
 
EJB container 22
EL 236–249, 356, 361–362, 364, 366–367
empty tag 294, 324
with attribute 326
empty value 316
encodeRedirectURL() 134
encodeURL() 134
Enterprise JavaBeans
components 380
support 7
error conditions 45
errorPage attribute 182
escape sequences 194
in attributes 195
in scripting elements 195
in template text 194
EVAL_BODY 354, 373
EVAL_BODY_AGAIN 329–330
EVAL_BODY_BUFFERED 333–334
EVAL_BODY_INCLUDE 321–322
EVAL_BODY_TAG 333
EVAL_PAGE 321, 323, 354, 373
events listeners 85, 88
example 108, 291, 410
exception implicit variable 206
explicit mapping 290, 313
Expression Language 236–238, 240–241, 245, 249, 355, 371
<expression> 212–213
expressions 170, 237–238, 240–242, 247, 249
and implicit variable out 203
JSP 20, 170
JSP syntax 166
request-time attribute 194, 213
syntax 170
translated as 189
valid and invalid 170
XML syntax 213
extends attribute 184
 
F
 
fail over 92
Filter 103
destroy() 104
doFilter() 104
init() 103
FilterChain 105
doFilter() 105
FilterConfig 105
filters 98
API 102
chain 98
configuration 106–107
example 100
in MVC 116
threading 116
uses 99
findAncestorWithClass() 338, 345–346, 356
findAttribute() 210
forEach 367
Form-based authentication 146
advantages 146
disadvantages 146
forward action, usage 225
forward() 57, 203
<forward> 20, 171, 223
forwarding a resource 57–58
fragment 362, 368–370
front controller 389
FTP 4
function 236, 241, 244–249
function-class 245–246
function-signature 246
 
G
 
Gang of Four 377
GenericServlet 11
getServletContext() 85
init() 47
GET 25, 33
features 33
getAttribute() 56, 123, 210
getAttributeNames() 56
getAttributeNamesInScope() 210
getAttributesScope() 210
getBodyContent() 339, 357, 362, 374
getEnclosingWriter() 337
getExpressionEvaluator() 355
getFilterName() 105
getHeaderNames() 39
getHeaders() 39
getInitParameter() 50, 84, 105
getInitParameterNames() 50, 84, 86, 105
getJspBody() 356–357, 362, 369, 373
getJspContext() 354, 356–358, 361–363, 373–375, 471
getNamedDispatcher() 58
getOut() 354–355, 361–363, 374
getOutputStream() 41–42
getParameter() 37–38, 239
getParameterNames() 37–38
getParameterValues() 37–38, 156
getParent() 320, 355, 357, 372–373, 375
getPreviousOut() 339
getProperty(), automatic type conversion 278
<getProperty> 269
getRealPath() 54, 179
getRemoteUser() 156
getRequestDispatcher() 57
getResource() 53
getResourceAsStream() 53
limitations 54
getServletContext() 50, 105, 238
getServletInfo() 189
getServletName() 50, 52
getServletSession() 238
getSession() 123
getString() 337
getUserPrincipal() 156
getValue() 339
getValues() 339
getVariableResolver() 355
getWriter() 42
GoF. See Gang of Four
 
H
 
hashcode 141
HEAD 25, 34
header 24, 26, 38–40, 236, 239–241, 500
management 43
names 43
headerValues 236, 239–242, 500
HTML
comments 172
example Hello User 16
files on web server 5, 69
FORM and HTTP methods 33
FORM for authentication 146
MIME type 185
tables 361
tags and Java code 15
template 15
URL-rewriting 133
HTML output
from custom tags 294, 324
from expressions 170
from JSP page 17
from scriptlets 169
using implicit variable 203
using PrintWriter 40
HTTP 23, 239
basic authentication 143
      advantages 144–146
      disadvantages 144
basics 24
error conditions 45
GET 25
HEAD 25
methods 32
      comparison 33
POST 25
PUT 26
request 24
response 26
status codes 45
HTTP Digest authentication 145
advantages 145
disadvantages 145
HTTP request, servlets 35
HttpJspPage 177
HTTPS 145
HTTPS client authentication 145
advantages 145
disadvantages 146
HttpServlet 12, 35
request processing 35
service() 35
HttpServletRequest 12, 36–37
getHeader() 39
getHeaderNames() 39
getHeaders() 39
getRemoteUser() 156
getUserPrincipal() 156
isUserInRole() 156
methods to identify users 156
HttpServletRequestWrapper 110
example 112
HttpServletResponse 12, 43
containsHeader() 43
encodeRedirectURL() 134
encodeURL() 134
sendRedirect() 44
setDateHeader() 43
setHeader() 43
setIntHeader() 43
status codes 45
HttpServletResponseWrapper 110
example 112
HttpSession 121, 239
distributed environment 93
example 122
getAttribute() 123
getSession() 123
invalidate() 130
isNew() 132
setAttribute() 123
setMaxInactiveInterval() 131
usage 122
HttpSessionActivationListener 94, 129
sessionDidActivate() 129
sessionWillPassivate() 129
HttpSessionAttributeListener 86–87, 125
attributeAdded() 86
attributeRemoved() 87
attributeReplaced() 87
HttpSessionBindingEvent 125
HttpSessionBindingListener 125, 128
example 125
valueBound() 125
valueUnbound() 125
HttpSessionListener 126
example 127
sessionCreated() 126
sessionDestroyed() 126
 
I
 
id attribute 259
IllegalArgumentException 94
IllegalStateException 42, 44
implicit mapping 290, 312
implicit objects 198, 200, 210, 259
accessing from custom tags 339
implicit variables 198, 200, 236, 238, 240–241, 249
application 200
config 204
declaration 200
exception 206
out 203
page 202
pageContext 202
request 202
response 202
session 201
import attribute 182
in process servlet container 6
inactivity of session 122
include action, usage 223
include directive 167, 220
accessing variables 221
include() 57, 203
<include> 171
including a resource 57–58
info attribute 185
init() 46, 103
init(ServletConfig) 49
integrity attacks 142
invalidate() 130
IP 121
isELIgnored 367
isErrorPage attribute 182, 206
isNew() 132
ISO-8859-4 42
isUserInRole() 156
IterationTag 319, 329, 353–354, 356–357, 359, 362
doAfterBody() 330
EVAL_BODY_AGAIN 330, 333
example 331
iterative statements 191
 
J
 
J2EE pattern catalog 381
JAR
classpath 9
content type 41
file 69
jar command 70
location in a web application 69
sending to browser 41
servlet.jar 9
Java Standard Tag Library 237
JavaBeans
accessibility 259
advantages 253
and custom tags 347
constructors 252
containers 252
conventions 252
declaration 258
example 252
in JSP actions 258
in scripting elements 274
in Servlets 271
indexed properties 278
initializing 265
non-string data types 276
persisting 255
properties 252
property types 276
requirements for JSP 252
scope 259
serialized 255
support in JSP for 254
using serialized beans 255
java.io.Serializable 93
java.lang.Math 242
JavaServer Pages 15, 21, 166, 380
comparison with servlets 17
example 15
javax.servlet package 10
javax.servlet.http package 11
JMS server 22
JNDI server 22
j_password 146
j_security_check 146
JSP 237–238, 240–241, 244–249, 317
actions 171
comments 172
directives 167
expressions 170
forward 171, 225
getProperty 171, 269
include 171
      usage 223
plugin 171
setProperty 171, 266
useBean 171, 258
JSP 2.0 353, 355, 359, 363–364, 371
JSP architecture models 18
model 1 18
model 2 18
JSP life-cycle methods
jspDestroy() 178
jspInit() 178
_jspService() 178
JSP life-cycle phases
compilation 176
example 178
loading and instantiation 177
phases 175
translation 176
JSP Model 2 architecture 116
JSP page 15
life-cycle methods 177
XML syntax 211
JSP page scopes 207
JSP page translation
rules 189
JSP script 237
JSP scriptlets 169
JSP syntax elements 166
JspContext 355–356, 358, 361–362, 372, 374
jspDestroy() 178
JspException 319
JspFragment 356–357, 362–363, 369, 372, 374
jspInit() 178
JspPage 177
_jspService() 178
JspTag 355–356
JspTagException 319
jsp-version 312
JspWriter 239, 355, 357, 362–363, 369–370, 374
JSTL 237
j_username 146
 
L
 
language attribute 184
large-icon 312–313
lazy loading 47
lib directory 69
life-cycle methods
JSP 177
Servlet 45
listener configuration 90
listener interfaces. See listeners
listeners 85, 88, 312
HttpSessionActivationListener 94
HttpSessionAttributeListener 86–87
ServletContextListener 88–89
load balancing 92
loading and instantiation JSP phases 177
logical
conjunction 243
disjunction 243
expressions 243
inversion 243
operators 236, 241, 501
 
M
 
malicious code 141
mapping
filter 107
JSP page to servlet 204
URL to servlet 75–76
method attribute 35
MIME type 53
MIME Type Mapping 71, 238, 355–356
mime-mapping
example 72, 410
mod 242
model 1 architecture 18
model 2 architecture 18
model-view-controller 116, 385–387, 391
mutating JavaBeans 266
MVC. See model-view-controller
 
N
 
name 267, 313, 315
name-from-attribute 366
nested custom tags 297, 343
newInstance() 46
non-empty tag 328
non-root relative URI 287
 
O
 
operators 236–237, 240–243, 249, 501
OPTIONS 25
out 203
out-of-process servlet container 7
output stream 41, 199, 237
 
P
 
page directive 167
attributes 181
autoFlush attribute 184
buffer attribute 184
contentType attribute 185
errorPage attribute 182
extends attribute 184
import attribute 182
info attribute 185
isErrorPage attribute 182
language attribute 184
pageEncoding attribute 185
session attribute 182
page implicit variable 202
page relative URI 288
page scopes 207, 209
PageContext 355–356, 372
findAttribute() 210
forward() 203
getAttribute() 210
getAttributeNamesInScope() 210
getAttributesScope() 210
include() 203
removeAttribute() 210
setAttribute() 210
pageContext 202, 236, 238–239, 241
PageData 347
page-encoding 367
pageEncoding attribute 185
PAGE_SCOPE 210
pageScope 236, 238, 500
param 236, 239–240, 248, 267, 500
<param> 226
paramValues 236, 239–241, 500
passive resources 22
path info 77
paths, context, servlet info 76
<plugin> 20, 171
POST 25, 33
features 33
prefix 359, 361, 364–372, 374
prefix attribute 293
preinitializing 47
preloading. See preinitializing
presentation logic 237
PrintWriter
flush() 44
generating HTML 40
usage 40
programmatic security 156
example 156
property access 241
property attribute 267
property files 53
proxy server 121
public-key cryptography 142
PUT 26
 
R
 
Reader 362, 369–370
readObject() 93
redirecting request 44
relational expressions 243
relative path 54
release() 321, 323
reload() 33
removeAttribute() 210
removeValue() 339
request headers, retrieving 38–39
request implicit variable 202
redirecting 44
request scope 55, 208, 210, 236, 239, 241, 500
request URI, paths 76
RequestDispatcher 57–58
forward() 57
include() 57
request-time attribute expressions
usage 194
required attribute 315
resource moved permanently 45
resource not found 45
response header
Date 43
Expires 43
Last-Modified 43
names 43
Refresh 43
setting 43
response implicit variable 202
sending 40
ROOT directory 71
root element 212
root relative URI 287
<root> 212
rtexprvalue 315, 360, 362, 368, 372
 
S
 
scope attributes 238–239
scopes 207, 259
application 207
bean variable 265
page 207, 209
request 208
session 207
scripting elements 168, 171
usage 189
scriptless 362, 367, 373
<scriptlet> 213
scriptlets 169, 237
conditional and iterative 191
JSP 20, 169
JSP syntax 166
order in JSP 190
printing HTML 169
translated as 189
variable initialization 191
XML syntax 213
secrecy attacks 142
Secure Socket Layer 145
sendError() 45
sendRedirect() 44
Serializable 93
serialized beans, usage 262–263
server extensions 5
server-side includes 15
service(), overloading 35
Servlet 10
destroy() 48
init() 46
service() 47
servlet
container 5
      relationship with Servlet API 10
      types 5
context
      initialization parameters 85
destroyed state 48
destroying 48
Hello World example 8
in deployment descriptor 50
initialization parameters 85
initialized state 46
initializing 46
instantiating 46
life cycle 45
      methods 48
loaded state 46
loading 46
mapping 75–76
path 77
      identification 77
pre-initializing 47
request processing 35
servicing state 47
state transition 48
unloaded state 48
unloading 48
Servlet API 10, 36
advantages and disadvantages 12
ServletConfig 50, 85, 204
example 51
getInitParameter() 50, 74
getInitParameterNames() 50
getServletContext() 50
getServletName() 50
methods 50
ServletContext 53, 84, 239
distributed environment 92
getInitParameter() 84
getInitParameterNames() 84, 86
getNamedDispatcher() 58
getRealPath() 54
getRequestDispatcher() 57
getResource() 53
getResourceAsStream() 53
initialization 84
ServletContextAttributeEvent 92
ServletContextAttributeListener
attributeAdded() 87
attributeRemoved() 87
attributeReplaced() 87
methods 87
ServletContextEvent 89
ServletContextListener 88–89
contextDestroyed() 88–89
contextInitialized() 88–89
example 88
ServletOutputStream 41
ServletRequest 11, 37, 239
getParameter() 37
getParameterNames() 37
getParameterValues() 37
getRequestDispatcher() 57
use 37
ServletRequestWrapper 110
ServletResponse 11, 40
getOutputStream() 41
getWriter() 40
setContentType() 42
ServletResponseWrapper 110
session 120, 201
accessibility 124
attribute 182
cookies 132
establishing 121
identifier 121
implementation 131
listener interfaces 124
scope 55, 207
timeout 122, 130, 132
URL rewriting 133
session ID 121
sessionCreated() 126
sessionDestroyed() 126
sessionDidActivate() 129
SESSION_SCOPE 210
sessionScope 236, 239, 500
sessionWillPassivate() 129
setAttribute() 56, 123, 210
setBodyContent() 333–334
setContentType() 42
setDateHeader() 43
setDynamicAttribute() 359–361, 372–373
setHeader() 43
setIntHeader() 43
setJspBody() 355
setJspContext() 355, 375, 471
setMaxInactiveInterval() 131
setPageContext() 321, 355
setParent() 321, 355, 375, 471
setProperty()
attributes 266
automatic type conversion 277
name 267
param 267
property 267
setting from request parameters 268
value 267
<setProperty> 266
using request parameters 268
wild card 269
setValue() 338
short-name element 312
SimpleTag 353–357, 369, 371–375, 471
example 359
processing body content 362–364
SimpleTagSupport 353–358, 360, 371–372, 374
SKIP_BODY 321–322, 354, 373
SKIP_PAGE 321, 323
small-icon 312–313, 367
sniffing 141–142
spoofing 142
SSI 15
SSL 145
standalone servlet container 6
state 120
stateless protocol 23
static attribute 360–361
static inclusion 220
status codes, sending 45
 
T
 
Tag 318, 352–359, 372
body content 362–363
directives 366–368
jsp:invoke 369
TLDs 365
tag 312–313, 320
doEndTag() 320, 322
doStartTag() 320, 322
EVAL_BODY_INCLUDE 321–322
EVAL_PAGE 321, 323
extension API 318
file 352, 364–374
files 352–353, 363–371, 374
getParent() 320–321
handlers 286, 355, 369, 371–372
      tag files 352–353, 364–365
release() 321, 323
setPageContext() 321
setParent() 321
SKIP_BODY 321–322
SKIP_PAGE 321, 323
tag library 287
descriptor 236, 245, 247, 249, 287, 310
      DTD 311
      example 310
      location 289
      resolution 291
tag-class 313
tagdependent 317, 362–363, 367, 373
tagdir 364–368, 370–371, 374
TagExtraInfo 347
taglib 245–248, 358–361, 373–374
directive 167, 288
      prefix 293
explicit mapping 290
location 312
map 290–291
SimpleTag 354
subelements 311–312
tag files 364–371
uri 312
taglib-location 290
TagLibraryValidator 347
taglib-uri 290
TagSupport 319, 338, 355–356, 374
findAncestorWithClass() 338
getValue() 339
methods 338
removeValue() 339
setValue() 338
TagVariableInfo 347
tei-class 313
<text>, example 212
throwable 206
TLD 246, 248–249, 353, 358–363, 365–368, 371–372
Resource Path 290
See also tag library, descriptor
tlib-version 245–246, 312
Tomcat 8
configuring users 146
installation 403, 407
tomcat-users.xml 146
TRACE 25
translation phase 176
translation units 174
transport-guarantee 151
CONFIDENTIAL 151
INTEGRAL 151
NONE 151
trojan horse 141
TryCatchFinally 347
type attribute 259, 315
types of URIs 287
 
U
 
unauthorized access 45
uniform resource identifier 23
URI 23, 241, 244, 246–249, 312
absolute 287
non-root relative 287
path 58
root relative 287
types 287
URL 23
URL rewriting 121, 133
example 135
URN 23
useBean
attributes 258
attributes usage 260
beanName 260
class 259
id 259
scope 259
type 259
typecast problem 261
<useBean> 258
type attribute 264
user configuration 146
user data constraint 149
example 152
 
V
 
validator 312
value 267
value object 397
valueBound() 125
valueUnbound() 125
variable directive 366
variable element 313
variable initialization 191
varReader 369–370
virus 141
 
W
 
war. See web archive
web application 22, 90
directory structure 68
document root 68
in distributed environment 92
properties 90
server 22
WEB-INF 69
web archive 70
creation 70
web browser, HTTP methods 32
web container 237, 245, 353–354, 371, 375, 471
SimpleTag 355–356, 358–361
tag files 364–368
TLDs 246–247
web resource collection 149
example 150
web server 4–5
web site attacks 141
availability attacks 142
denial of service attacks 142
integrity attacks 142
secrecy attacks 142
webapps directory 68
WEB-INF 69
classes 69
lib 69
web.xml 70
web.xml 46, 70, 244, 246–248
servlet example 50
well-known URIs 290
worm 141
wrapper classes 106
usage 110
writeObject() 93
 
X
 
XML 237, 244–245
XML Name Space 213
XML syntax for JSP pages 211
actions 214
comments 214
directives 213
root 212
scripting elements 213
text 214
xmlns 212
 
Z
 
zip file 69