{\rtf1\ansi\ansicpg1252\uc1
\deff11\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose
02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\*\panose
020b0604020202020204}Arial;}
{\f2\fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier
New;}{\f3\froman\fcharset2\fprq2{\*\panose
05050102010706020507}Symbol;}{\f11\fswiss\fcharset0\fprq2{\*\panose
00000000000000000000}MS Sans Serif;}
{\f14\fnil\fcharset2\fprq2{\*\panose
05000000000000000000}Wingdings;}{\f34\froman\fcharset238\fprq2 Times New Roman
CE;}{\f35\froman\fcharset204\fprq2 Times New Roman
Cyr;}{\f37\froman\fcharset161\fprq2 Times New Roman Greek;}
{\f38\froman\fcharset162\fprq2 Times New Roman
Tur;}{\f39\froman\fcharset177\fprq2 Times New Roman
(Hebrew);}{\f40\froman\fcharset178\fprq2 Times New Roman
(Arabic);}{\f41\froman\fcharset186\fprq2 Times New Roman Baltic;}
{\f42\fswiss\fcharset238\fprq2 Arial CE;}{\f43\fswiss\fcharset204\fprq2 Arial
Cyr;}{\f45\fswiss\fcharset161\fprq2 Arial Greek;}{\f46\fswiss\fcharset162\fprq2
Arial Tur;}{\f47\fswiss\fcharset177\fprq2 Arial (Hebrew);}
{\f48\fswiss\fcharset178\fprq2 Arial (Arabic);}{\f49\fswiss\fcharset186\fprq2
Arial Baltic;}{\f50\fmodern\fcharset238\fprq1 Courier New
CE;}{\f51\fmodern\fcharset204\fprq1 Courier New
Cyr;}{\f53\fmodern\fcharset161\fprq1 Courier New Greek;}
{\f54\fmodern\fcharset162\fprq1 Courier New Tur;}{\f55\fmodern\fcharset177\fprq1
Courier New (Hebrew);}{\f56\fmodern\fcharset178\fprq1 Courier New
(Arabic);}{\f57\fmodern\fcharset186\fprq1 Courier New
Baltic;}}{\colortbl;\red0\green0\blue0;
\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;
\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{\ql
\li0\ri0\widctlpar\faauto\adjustright\rin0\lin0\itap0
\f11\fs20\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \snext0 Normal;}{
\s1\ql \li0\ri0\sb240\sa60\keepn\widctlpar\faauto\adjustright\rin0\lin0\itap0
\b\f1\fs28\lang1033\langfe1033\kerning28\cgrid\langnp1033\langfenp1033
\sbasedon0 \snext0 heading 1;}{
\s2\ql \li0\ri0\sb240\sa60\keepn\widctlpar\faauto\adjustright\rin0\lin0\itap0
\b\i\f1\fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \sbasedon0
\snext0 heading 2;}{\s3\ql
\li0\ri0\sb240\sa60\keepn\widctlpar\faauto\adjustright\rin0\lin0\itap0
\f1\fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \sbasedon0 \snext0
heading 3;}{\s5\ql
\li0\ri0\keepn\widctlpar\aspalpha\aspnum\faauto\outlinelevel4\adjustright\rin0\lin0\itap0
\b\f1\fs16\lang1033\langfe1033\cgrid\langnp1033\langfenp1033
\sbasedon0 \snext0 heading 5;}{\*\cs10 \additive Default Paragraph
Font;}{\*\cs15 \additive \ul\cf2 \sbasedon10 Hyperlink;}{\*\cs16 \additive
\ul\cf12 \sbasedon10
FollowedHyperlink;}}{\*\listtable{\list\listtemplateid67698719{\listlevel\levelnfc0
\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'02\'00.;}{\levelnumbers\'01;}\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1 \fi-360\li360\jclisttab\tx360
}{\listlevel\levelnfc0\levelnfcn0\leveljc0
\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'04\'00.\'01.;}{\levelnumbers\'01\'03;}\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1 \fi-432\li792\jclisttab\tx792
}{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0
\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'06\'00.\'01.\'02.;}{\levelnumbers\'01\'03\'05;}\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1 \fi-504\li1224\jclisttab\tx1224
}{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0
\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'08\'00.\'01.\'02.\'03.;}{\levelnumbers\'01\'03\'05\'07;}\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1 \fi-648\li1728\jclisttab\tx1728
}{\listlevel\levelnfc0\levelnfcn0\leveljc0
\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'0a\'00.\'01.\'02.\'03.\'04.;}{\levelnumbers\'01\'03\'05\'07\'09;}\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1 \fi-792\li2232\jclisttab\tx2232
}{\listlevel\levelnfc0
\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'0c\'00.\'01.\'02.\'03.\'04.\'05.;}{\levelnumbers\'01\'03\'05\'07\'09\'0b;}\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1 \fi-936\li2736\jclisttab\tx2736 }
{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'0e\'00.\'01.\'02.\'03.\'04.\'05.\'06.;}{\levelnumbers\'01\'03\'05\'07\'09\'0b\'0d;}\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1
\fi-1080\li3240\jclisttab\tx3240
}{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'10\'00.\'01.\'02.\'03.\'04.\'05.\'06.\'07.;}{\levelnumbers\'01\'03\'05\'07\'09\'0b\'0d\'0f;}\chbrdr
\brdrnone\brdrcf1 \chshdng0\chcfpat1\chcbpat1 \fi-1224\li3744\jclisttab\tx3744
}{\listlevel\levelnfc0\levelnfcn0\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext
\'12\'00.\'01.\'02.\'03.\'04.\'05.\'06.\'07.\'08.;}{\levelnumbers\'01\'03\'05\'07\'09\'0b\'0d\'0f\'11;}\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1 \fi-1440\li4320\jclisttab\tx4320 }{\listname
;}\listid60950839}{\list\listtemplateid-982455026
\listhybrid{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\leveltext\leveltemplateid67698689\'01\u-3913
?;}{\levelnumbers;}\f3\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1\fbias0
\fi-360\li1080\jclisttab\tx1080
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\leveltext\leveltemplateid67698691\'01o;}{\levelnumbers;}\f2\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1\fbias0 \fi-360\li1800\jclisttab\tx1800
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\leveltext\leveltemplateid67698693\'01\u-3929
?;}{\levelnumbers;}\f14\chbrdr
\brdrnone\brdrcf1 \chshdng0\chcfpat1\chcbpat1\fbias0
\fi-360\li2520\jclisttab\tx2520
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\leveltext\leveltemplateid67698689
\'01\u-3913 ?;}{\levelnumbers;}\f3\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1\fbias0 \fi-360\li3240\jclisttab\tx3240
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\leveltext
\leveltemplateid67698691\'01o;}{\levelnumbers;}\f2\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1\fbias0 \fi-360\li3960\jclisttab\tx3960
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0
{\leveltext\leveltemplateid67698693\'01\u-3929
?;}{\levelnumbers;}\f14\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1\fbias0 \fi-360\li4680\jclisttab\tx4680
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1
\levelspace360\levelindent0{\leveltext\leveltemplateid67698689\'01\u-3913
?;}{\levelnumbers;}\f3\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1\fbias0 \fi-360\li5400\jclisttab\tx5400
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0
\levelstartat1\levelspace360\levelindent0{\leveltext\leveltemplateid67698691\'01o;}{\levelnumbers;}\f2\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1\fbias0 \fi-360\li6120\jclisttab\tx6120
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0
\levelfollow0\levelstartat1\levelspace360\levelindent0{\leveltext\leveltemplateid67698693\'01\u-3929
?;}{\levelnumbers;}\f14\chbrdr\brdrnone\brdrcf1
\chshdng0\chcfpat1\chcbpat1\fbias0 \fi-360\li6840\jclisttab\tx6840 }{\listname
;}\listid1808820316}}
{\*\listoverridetable{\listoverride\listid60950839\listoverridecount0\ls1}{\listoverride\listid1808820316\listoverridecount0\ls2}}{\info{\title
1 The Servlet Model}{\author miftah}{\operator
miftah}{\creatim\yr2001\mo9\dy25\min46}
{\revtim\yr2001\mo12\dy8\hr19\min47}{\version16}{\edmins88}{\nofpages5}{\nofwords5627}{\nofchars-32766}{\*\company
}{\nofcharsws0}{\vern8247}}\margl720\margr720
\widowctrl\ftnbj\aendnotes\aftnstart0\hyphhotz0\aftnnar\noxlattoyen\expshrtn\noultrlspc\dntblnsbdb\nospaceforul\lytprtmet\hyphcaps0\horzdoc\dghspace120\dgvspace120\dghorigin1701\dgvorigin1984\dghshow0\dgvshow3
\jcompress\viewkind4\viewscale150\pgbrdrhead\pgbrdrfoot\nolnhtadjtbl \fet0\sectd
\linex0\endnhere\sectdefaultcl
{\*\pnseclvl1\pndec\pnprev1\pnstart1\pnindent720\pnhang}{\*\pnseclvl2\pndec\pnprev1\pnstart1\pnindent720\pnhang{\pntxtb
.}}{\*\pnseclvl3
\pndec\pnprev1\pnstart1\pnindent720\pnhang{\pntxtb
.}}{\*\pnseclvl4\pndec\pnprev1\pnstart1\pnindent720\pnhang{\pntxtb
.}}{\*\pnseclvl5\pndec\pnprev1\pnstart1\pnindent720\pnhang{\pntxtb
.}}{\*\pnseclvl6\pndec\pnprev1\pnstart1\pnindent720\pnhang{\pntxtb .}}
{\*\pnseclvl7\pndec\pnprev1\pnstart1\pnindent720\pnhang{\pntxtb
.}}{\*\pnseclvl8\pndec\pnprev1\pnstart1\pnindent720\pnhang{\pntxtb
.}}{\*\pnseclvl9\pndec\pnprev1\pnstart1\pnindent720\pnhang{\pntxtb
.}}\pard\plain
\s5\ql
\li0\ri0\keepn\widctlpar\aspalpha\aspnum\faauto\outlinelevel4\adjustright\rin0\lin0\itap0
\b\f1\fs16\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\fs18\cf9 Servlet
Study Guide}{ }{\i\fs14 for the Sun Certified Web Component Developer Exam}{
\par }\pard\plain \ql
\fi360\li0\ri0\widctlpar\faauto\adjustright\rin0\lin0\itap0
\f11\fs20\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\b\f1\fs14
Version}{\f1\fs14 : 1.1
\par }{\b\f1\fs14 Author}{\f1\fs14 : Miftah Khan (}{\field\flddirty{\*\fldinst
{\f1\fs14 HYPERLINK "mailto:miftahk@yahoo.com" }{\f1\fs14 {\*\datafield
00d0c9ea79f9bace118c8200aa004ba90b0200000017000000120000006d00690066007400610068006b0040007900610068006f006f002e0063006f006d000000e0c9ea79f9bace118c8200aa004ba90b320000006d00610069006c0074006f003a006d00690066007400610068006b0040007900610068006f006f002e00
63006f006d0000000000000000000000}}}{\fldrslt {\cs15\f1\fs14\ul\cf2
miftahk@yahoo.com}}}{\f1\fs14 )
\par }{\b\f1\fs14 Last Updated}{\f1\fs14 : October 1, 2001
\par }{\b\f1\fs14 Changes Since Version 1.0}{\f1\fs14 :
\par {\listtext\pard\plain\f3\fs14 \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard
\ql
\fi-360\li1080\ri0\widctlpar\jclisttab\tx1080\faauto\ls2\adjustright\rin0\lin1080\itap0
{\f1\fs14
Items 1.6.3.2 (getNamedDispatcher) and 1.6.3.3 (getRequestDispatcher) have been
corrected
\par {\listtext\pard\plain\f3\fs14 \loch\af3\dbch\af0\hich\f3 \'b7\tab}Section
3.6 (HttpSessionActivationListener) has been corrected and moved to Section 5.5
\par }\pard \ql
\fi-810\li1170\ri0\widctlpar\faauto\adjustright\rin0\lin1170\itap0 {\b\f1\fs14
Notes}{\f1\fs14 :
\par {\listtext\pard\plain\f3\fs14 \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard
\ql
\fi-360\li1080\ri0\widctlpar\jclisttab\tx1080\faauto\ls2\adjustright\rin0\lin1080\itap0
{\f1\fs14 I had originally pr
epared these notes as a study aid for myself for the SCWCD Exam. But after
witnessing the caring and sharing nature of fellow Java developers on the
}{\field\flddirty{\*\fldinst {\f1\fs14 HYPERLINK "http://www.javaranch.com"
}{\f1\fs14 {\*\datafield
00d0c9ea79f9bace118c8200aa004ba90b0200000017000000120000007700770077002e006a00610076006100720061006e00630068002e0063006f006d000000e0c9ea79f9bace118c8200aa004ba90b3400000068007400740070003a002f002f007700770077002e006a00610076006100720061006e00630068002e00
63006f006d002f0000000000000000000000}}}{\fldrslt {\cs15\f1\fs14\ul\cf2
www.javaranch.com}}}{\f1\fs14 website, I was moved, and decided to make my
notes available to others.
\par {\listtext\pard\plain\f3\fs14 \loch\af3\dbch\af0\hich\f3 \'b7\tab}These
notes cover Version 2.3 of the Servlet Specification.
\par {\listtext\pard\plain\f3\fs14 \loch\af3\dbch\af0\hich\f3 \'b7\tab}The notes
below are numbered such that they correspond to Sun\rquote s stated objectives
for the SCWCD Exam (}{\field\flddirty{\*\fldinst {\f1\fs14
HYPERLINK "http://suned.sun.com/US/certification/java/exam_objectives.html"
}{\f1\fs14 {\*\datafield
00d0c9ea79f9bace118c8200aa004ba90b02000000170000004000000068007400740070003a002f002f00730075006e00650064002e00730075006e002e0063006f006d002f00550053002f00630065007200740069006600690063006100740069006f006e002f006a006100760061002f006500780061006d005f006f00
62006a0065006300740069007600650073002e00680074006d006c000000e0c9ea79f9bace118c8200aa004ba90b8000000068007400740070003a002f002f00730075006e00650064002e00730075006e002e0063006f006d002f00550053002f00630065007200740069006600690063006100740069006f006e002f006a
006100760061002f006500780061006d005f006f0062006a0065006300740069007600650073002e00680074006d006c0000000000000000000000}}}{\fldrslt
{\cs15\f1\fs14\ul\cf2
http://suned.sun.com/US/certification/java/exam_objectives.html}}}{\f1\fs14 )
\par {\listtext\pard\plain\f3\fs14 \loch\af3\dbch\af0\hich\f3 \'b7\tab}Please
feel free to forward any comments to my email address above. And I sincerely
apologize in advance if there are any errors.
\par {\listtext\pard\plain\f3\fs14 \loch\af3\dbch\af0\hich\f3 \'b7\tab}My
thoughts and lessons-learned from the SCWCD Exam can be found at
}{\field{\*\fldinst {\f1\fs14 HYPERLINK
"http://www.javaranch.com/ubb/Forum18/HTML/000171.html" }{\f1\fs14
{\*\datafield
00d0c9ea79f9bace118c8200aa004ba90b02000000170000003600000068007400740070003a002f002f007700770077002e006a00610076006100720061006e00630068002e0063006f006d002f007500620062002f0046006f00720075006d00310038002f00480054004d004c002f003000300030003100370031002e00
680074006d006c000000e0c9ea79f9bace118c8200aa004ba90b6c00000068007400740070003a002f002f007700770077002e006a00610076006100720061006e00630068002e0063006f006d002f007500620062002f0046006f00720075006d00310038002f00480054004d004c002f003000300030003100370031002e
00680074006d006c000000}}}{\fldrslt {\cs15\f1\fs14\ul\cf2
http://www.javaranch.com/ubb/Forum18/HTML/000171.html}}}{\f1\fs14 .
\par }\pard \ql \li0\ri0\widctlpar\brdrb\brdrs\brdrw15\brsp20
\faauto\adjustright\rin0\lin0\itap0 {\b\f0\fs12
\par }\pard \ql \li0\ri0\widctlpar\faauto\adjustright\rin0\lin0\itap0
{\b\f0\fs12
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 1.\tab}}\pard \ql
\fi-360\li360\ri0\widctlpar\jclisttab\tx360\faauto\ls1\adjustright\rin0\lin360\itap0
{\b\f0\fs12 The Servlet Model
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.1.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
Identify corresponding method in HttpServlet class for each of the following
HTTP methods:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.1.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 GET: protected void }{\b\f0\fs12 doGet}{\f0\fs12
(HttpServletRequest req, HttpServletResponse res) throws ServletException,
IOException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.1.2.\tab}POST:
protected void }{\b\f0\fs12 doPost}{\f0\fs12 (HttpServletRequest req,
HttpServletResponse res) throws ServletException, IOException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.1.3.\tab}PUT:
protected void }{\b\f0\fs12 doPut}{\f0\fs12 (HttpServletRequest req,
HttpServletResponse res) throws ServletException, IOException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 GET, POST and HEAD
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Identify triggers that might cause a browser to use:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
GET: (a) typing url directly into a browser, (b) clicking on a hyperlink, (c)
submitting html form with \lquote method=get\rquote or no method attribute
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.1.2.\tab}POST:
(a) submitting html form with \lquote method=post\rquote
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.1.3.\tab}HEAD:
(a) may be used by a browser to check modification time for purposes of caching
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Identify benefits or functionality of:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 GET:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.1.1.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12
designed for getting information (e.g. document, chart, results of query)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.1.2.\tab}can
include a query string (some servers limit this to about 240 characters) for
sending information to server
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.2.2.1.3.\tab}requested page can be bookmarked
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.2.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 POST:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.2.1.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12
designed for posting information (e.g. credit card #, info to be stored in a db)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.2.2.\tab}passes
all its data (of unlimited length) to server as part of its http request body
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.2.3.\tab}posts
cannot be bookmarked or, in some cases, even reloaded
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.2.4.\tab}hides
sensitive information from server log by including it in the message body
instead of the url query string
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.3.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 HEAD:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.3.1.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12
sent by a client when it wants to see only the headers of the response, to
determine the document\rquote s size, modification time, or general
availability.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.2.2.3.2.\tab}The
service() method treats HEAD requests specially. It calls doGet with a modified
response object, which suppresses any output but retains headers.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
For each of the following operations, identify the interface and method name
that should be used:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Retrieve HTML form parameters from the request:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 Enumeration ServletRequest.}{\b\f0\fs12 getParameterNames}{\f0\fs12
() - returns empty enum if no parameters
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.1.2.\tab}String
ServletRequest.}{\b\f0\fs12 getParameter}{\f0\fs12 (String name) - returns null
if does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.1.3.\tab}String[]
ServletRequest.}{\b\f0\fs12 getParameterValues}{\f0\fs12 (String name) - returns
null if does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Retrieve a servlet initialization parameter:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 Enumeration ServletConfig.}{\b\f0\fs12 getInitParameterNames}{\f0\fs12
() - returns empty enum if no init parameters
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.2.2.\tab}String
ServletConfig.}{\b\f0\fs12 getInitParameter}{\f0\fs12 (String name) - returns
null if does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.3.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Retrieve HTTP request header information:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.3.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 Enumeration HttpServletRequest.}{\b\f0\fs12 getHeaderNames}{\f0\fs12
() - returns empty enum if no headers
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.3.2.\tab}String
HttpServletRequest.}{\b\f0\fs12 getHeader}{\f0\fs12 (String name) - returns null
if does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.3.3.3.\tab}Enumeration HttpServletRequest.}{\b\f0\fs12 getHeaders}{\f0\fs12
(String name) - returns empty enum if no headers
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.3.4.\tab}long
getDateHeader(String name) - returns -1 if does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.3.5.\tab}int
getIntHeader(String name) - returns -1 if does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.4.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Set an HTTP response header; set the content type of the response
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.4.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 void HttpServletResponse.}{\b\f0\fs12 setHeader}{\f0\fs12
(String name, String value) - if header already exists, overwrites its value
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.4.2.\tab}void
HttpServletResponse.}{\b\f0\fs12 setIntHeader}{\f0\fs12 (String name, int value)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.4.3.\tab}void
HttpServletResponse.}{\b\f0\fs12 setDateHeader}{\f0\fs12 (String name, long
date)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.4.4.\tab}void
HttpServletResponse.}{\b\f0\fs12 addHeader}{\f0\fs12 (String name, String value)
- if header already exists, adds an additional value
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.4.5.\tab}void
HttpServletResponse.}{\b\f0\fs12 addIntHeader}{\f0\fs12 (String name, int value)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.4.6.\tab}void
HttpServletResponse.}{\b\f0\fs12 addDateHeader}{\f0\fs12 (String name, long
date)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.4.7.\tab}void
HttpServletResponse.}{\b\f0\fs12 setContentType}{\f0\fs12 (String type) \endash
if calling getWriter(), then setContentType should be called first
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.5.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Acquire a text stream for the response
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.5.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 PrintWriter ServletResponse.}{\b\f0\fs12 getWriter}{\f0\fs12
() throws IOException}{\i\f0\fs12 }{\f0\fs12 - character encoding may be set by
calling setContentType, which must be called before calling getWriter()
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.6.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Acquire a binary stream for the response
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.6.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 ServletOutputStream ServletResponse.}{\b\f0\fs12 getOutputStream}{
\f0\fs12 () throws IOException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.7.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Redirect an HTTP request to another URL
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.7.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 void HttpServletResponse.}{\b\f0\fs12 sendRedirect}{\f0\fs12
(String location) throws IllegalStateException IOException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.7.2.\tab}sets
status to SC_MOVE
D_TEMPORARILY, sets the Location header, and performs an implicit reset on the
response buffer before generating the redirect page; headers set before
sendRedirect() remain set
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.7.3.\tab}must be
called before response body is committed, else throws IllegalStateException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.7.4.\tab}the path
may be relative or absolute
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.3.7.5.\tab}to
support clients without redirect capability, method writes a short response body
that contains a hyperlink to the new location; so do not write your own msg body
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
Identify the interface and method to access values and resources and to set
object attributes within the following three Web scopes:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Request (Interfaces: }{\b\f0\fs12 ServletRequest and
HttpServletRequest}{
\f0\fs12 )
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 Enumeration ServletRequest.}{\b\f0\fs12 getAttributeNames}{\f0\fs12
() - returns empty enumeration if no attributes
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.2.\tab}Object
ServletRequest.}{\b\f0\fs12 getAttribute}{\f0\fs12 (String name) - returns null
if does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.3.\tab}void
}{\b\f0\fs12 setAttribute}{\f0\fs12 (String name, Object obj) - most often used
in conjunction with RequestDispatcher; attrib names should follow same
convention as pkg names
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.4.\tab}void
}{\b\f0\fs12 removeAttribute}{\f0\fs12 (String name)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.5.\tab}String
ServletRequest.}{\b\f0\fs12 getCharacterEncoding}{\f0\fs12 () - returns encoding
used in request body, or null if not specified
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.6.\tab}int
ServletRequest.}{\b\f0\fs12 getContentLength}{\f0\fs12 () - returns length of
request body or -1 if unknown
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.7.\tab}String
ServletRequest.}{\b\f0\fs12 getContentType}{\f0\fs12 () - returns mime type of
request body or null if unknown
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.8.\tab}String
ServletRequest.}{\b\f0\fs12 getProtocol}{\f0\fs12 () - returns protocol/version,
e.g. HTTP/1.1
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.9.\tab}String
ServletRequest.}{\b\f0\fs12 getScheme}{\f0\fs12 () - scheme used to make this
request, e.g. ftp, http, https
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.10.\tab}String
ServletRequest.}{\b\f0\fs12 getServerName}{\f0\fs12 ()
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.11.\tab}int
ServletRequest.}{\b\f0\fs12 getServerPort}{\f0\fs12 ()
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.12.\tab}String
HttpServletRequest.}{\b\f0\fs12 getAuthType}{\f0\fs12 () - e.g. BASIC, SSL, or
null if not protected
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.13.\tab}String
HttpServletRequest.}{\b\f0\fs12 getContextPath}{\f0\fs12 () - e.g.
\'93/myservlet\'94
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.14.\tab}String
HttpServletRequest.}{\b\f0\fs12 getMethod}{\f0\fs12 () - e.g. GET, POST, HEAD,
PUT
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.15.\tab}String
HttpServletRequest.}{\b\f0\fs12 getPathInfo}{\f0\fs12 () - returns extra path
info (string following servlet path but preceding query string); null if does
not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.16.\tab}String
HttpServletRequest.}{\b\f0\fs12 getPathTranslated}{\f0\fs12 () - translates
extra path info to a real path on the server
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.17.\tab}String
HttpServletRequest.}{\b\f0\fs12 getQueryString}{\f0\fs12 () - returns query
string; null if does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.18.\tab}String
HttpServletRequest.}{\b\f0\fs12 getRemoteUser}{\f0\fs12 () - returns null if
user not authenticated
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.1.19.\tab}Principal HttpServletRequest.}{\b\f0\fs12
getUserPrincipal}{\f0\fs12 () - returns null if user not authenticated
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.20.\tab}String
HttpServletRequest.}{\b\f0\fs12 getRequestURI}{\f0\fs12 () - e.g. if request is
\'93POST /some/path.html HTTP/1.1\'94, then returns \'93/some/path.html\'94
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.1.21.\tab}String
HttpServletRequest.}{\b\f0\fs12 getServletPath}{\f0\fs12 () - returns servlet
path and name, but no extra path info
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.1.22.\tab}HttpSession HttpServletRequest.}{\b\f0\fs12 getSession}{\f0\fs12
(boolean create)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.1.23.\tab}HttpSession HttpServletRequest.}{\b\f0\fs12 getSession}{\f0\fs12
() - calls getSession(true)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Session (Interface: }{\b\f0\fs12 HttpSession}{\f0\fs12 )
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 Enumeration HttpSession.}{\b\f0\fs12 getAttributeNames}{\f0\fs12
() - returns empty enumeration if no attributes; IllegalStateException if
session invalidated
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.2.\tab}Object
HttpSession.}{\b\f0\fs12 getAttribute}{\f0\fs12 (String name) - returns null if
no such object
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.3.\tab}void
HttpSession.}{\b\f0\fs12 setAttribute}{\f0\fs12 (java.lang.String name,
java.lang.Object value)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.4.\tab}void
HttpSession.}{\b\f0\fs12 removeAttribute}{\f0\fs12 (java.lang.String name)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.5.\tab}String
HttpSession.}{\b\f0\fs12 getId}{\f0\fs12 () - returns unique session identifier
assigned by servlet container
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.6.\tab}long
HttpSession.}{\b\f0\fs12 getLastAccessedTime}{\f0\fs12 () - time when client
last sent a request associated with this session
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.7.\tab}int
HttpSession.}{\b\f0\fs12 getMaxInactiveInterval}{\f0\fs12 () - returns number of
seconds this session remains open between client requests; -1 if session should
never expire
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.2.8.\tab}void
HttpSession.}{\b\f0\fs12 setMaxInactiveInterval}{\f0\fs12 (int interval)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Context (Interface: }{\b\f0\fs12 ServletContext}{\f0\fs12 )
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 Enumeration }{\b\f0\fs12 getAttributeNames}{\f0\fs12
() - Returns an Enumeration containing the attribute names available within this
servlet context.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.2.\tab}Object
}{\b\f0\fs12 getAttribute}{\f0\fs12 (String name) - Returns the servlet
container attribute with the given name, or null if there is no attribute by
that name.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.3.\tab}void
}{\b\f0\fs12 setAttribute}{\f0\fs12 (String name, java.lang.Object object) -
Binds an object to a given attribute name in this servlet context.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.4.\tab}void
}{\b\f0\fs12 removeAttribute}{\f0\fs12 (String name) - Removes the attribute
with the given name from the servlet context.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.3.5.\tab}ServletContext }{\b\f0\fs12 getContext}{\f0\fs12 (String uripath) -
Returns a ServletContext object that corresponds to a specified URL on the
server.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.6.\tab}String
}{\b\f0\fs12 getInitParameter}{\f0\fs12 (String name) - Returns a String
containing the value of the named context-wide initialization parameter, or null
if does not exist.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.3.7.\tab}Enumeration }{\b\f0\fs12 getInitParameterNames}{\f0\fs12 () -
Returns names of the context's initialization parameters as Enumeration of
String objects
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.8.\tab}int
}{\b\f0\fs12 getMajorVersion}{\f0\fs12 () - Returns the major version of the
Java Servlet API that this servlet container supports.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.9.\tab}int
}{\b\f0\fs12 getMinorVersion}{\f0\fs12 () - Returns the minor version of the
Servlet API that this servlet container supports.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.10.\tab}String
}{\b\f0\fs12 getMimeType}{\f0\fs12 (String file) - Returns the MIME type of the
specified file, or null if the MIME type is not known.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.3.11.\tab}RequestDispatcher }{\b\f0\fs12 getNamedDispatcher}{\f0\fs12
(String name) - Returns a RequestDispatcher object that acts as a wrapper for
the named servlet.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.3.12.\tab}RequestDispatcher }{\b\f0\fs12 getRequestDispatcher}{\f0\fs12
(String path) - Returns a RequestDispatcher object that acts as a wrapper for
the resource located at the given path.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.13.\tab}String
}{\b\f0\fs12 getRealPath}{\f0\fs12 (String path) - Returns a String containing
the real path for a given virtual path.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.3.14.\tab}java.net.URL }{\b\f0\fs12 getResource}{\f0\fs12 (String path) -
Returns a URL to the resource that is mapped to a specified path.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.4.3.15.\tab}InputStream }{\b\f0\fs12 getResourceAsStream}{\f0\fs12 (String
path) - Returns the resource located at the named path as an InputStream object.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.4.3.16.\tab}String
}{\b\f0\fs12 getServerInfo}{\f0\fs12 () - Returns the name and version of the
servlet container on which the servlet is running.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
For each of the following life-cycle method, identify its purpose and how and
when it is invoked:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 public void init() throws ServletException:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
called after server constructs the servlet instance and before the server
handles any requests
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.1.2.\tab}d
epending on the server and web app configuration, init() may be called at any of
these times: (a) when server starts, (b) when the servlet is first requested,
just before the service() method is invoked, (c) at the request of the server
administrator
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.1.3.\tab}if
servlet specifies in its web.xml file, then upon server
startup, the server will create an instance of the servlet and call its init()
method.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.5.1.4.\tab}typically used to perform servlet initialization, e.g. loading
objects used by servlet to handle requests, reading in servlet init parameters,
starting a background thread.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.1.5.\tab}servlet
cannot be placed into service if init method throws ServletException or does not
return within a server-defined time period
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.1.6.\tab}init()
can only be called once per servlet instance
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 public void service() throws ServletException, IOException:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
called by the servlet container to allow the servlet to respond to a request.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.2.2.\tab}this
method is only called after the servlet's init() method has completed
successfully.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.2.3.\tab}
servlets typically run inside multithreaded servlet containers that can handle
multiple requests concurrently. developers must be aware to synchronize access
to any shared resources such as files and network
connections, as well as the servlet's class and instance variables.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.3.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 public void destroy():
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.3.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
called after the servlet has been taken out of service and all pending requests
to the servlet have been completed or timed out
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.3.2.\tab}gives
the s
ervlet an opportunity to clean up any resources that are being held (for
example, memory, file handles, threads) and make sure that any persistent state
is synchronized with the servlet's current state in memory
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.3.3.\tab}calling
super.destroy() causes GenericServlet.destroy() to write a note to the log that
the servlet is being destroyed
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.5.3.4.\tab}destroy()called once per servlet instance; destroy() not called if
server crashes, so should save state (if needed) periodically after servicing
requests
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 1.5.4.\tab}}\pard
\ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\b\f0\fs12 Note}{\f0\fs12 : servlet reloading
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.4.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
most servers automatically reload a servlet after its class file (under servlet
dir, e.g. WEB-INF/classes) changes. when a server dispatches a request to a
servlet, it first checks whether the servlet\rquote s class file has change
d on disk. If it has, then the server creates a new custom class loader, and
reloads the entire web application context.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.5.4.2.\tab}class
reloading is not based on support class changes or on changes in classes found
in the server\rquote s classpath, which are loaded by the core, primordial class
loader.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Use a RequestDispatcher to include or forward to a Web resource
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 include:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
public void include(ServletRequest request, ServletResponse response) throws
ServletException, IOException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.1.2.\tab}Includes
the content of a resource (servlet, JSP page, HTML file) in the response. In
essence, this method enables programmatic server-side includes.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.1.3.\tab}The
ServletRequest object has its path elements (e.g. attributes request_uri,
context_path, and servlet_path) and parameters remain unchanged from the
caller's.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.1.4.\tab}The
included servlet cannot change the response status code or set headers; any
attempt to make a change is ignored.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.1.5.\tab}The
request and response parameters must be the same objects as were passed to the
calling servlet's service method.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.1.6.\tab}The
included resource must use the same output mechanism (e.g. PrintWriter or
ServletOutputStream) as the caller\rquote s
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.6.1.7.\tab}Information can be passed to target using attached query string or
using request attributes set with setAttribute() method.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 forward:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
public void forward(ServletRequest request, ServletResponse response) throws
ServletException, IOException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.2.2.\tab}
Forwards a request from a servlet to another resource (servlet, JSP file, or
HTML file) on the server. This method allows one servlet to do preliminary
processing of a request and another resource to generate the response. The
forwarding servlet generates
no output, but may set headers.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.2.3.\tab}The
ServletRequest object has its path attributes adjusted to match the path of the
target resource. Any new request parameters are added to the original.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.6.2.4.\tab}forward() should be called before the response has
been committed to the client (before response body output has been flushed). If
the response already has been committed, this method throws an
IllegalStateException. Uncommitted output in the response buffer is
automatically cleared before the forward.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.2.5.\tab}The
request and response parameters must be the same objects as were passed to the
calling servlet's service method.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.6.2.6.\tab}Information can be passed to target using attached query string or
using request attributes set with setAttribute() method.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
1.6.2.7.\tab}forwarding to an html page containing relative url\rquote
s included (e.g. tags) is a bad idea, because forward() does not notify
client about the directory from which the page is served, hence the links may be
broken. Instead, use sendRedirect().
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 1.6.3.\tab}}\pard
\ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\b\f0\fs12 Note}{\f0\fs12 : to get a request dispatcher object:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.3.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
public RequestDispatcher ServletRequest.getRequestDispatcher(String path) - path
may be relative, and cannot extend outside current servlet context
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.3.2.\tab}public
RequestDispatcher ServletContext.getNamedDispatcher(String name) - name is the
registered servlet name in web.xml file
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 1.6.3.3.\tab}public
RequestDispatcher ServletContext.getRequestDispatcher(String path) - accepts
only absolute paths, and not relative paths
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 2.\tab}}\pard \ql
\fi-360\li360\ri0\widctlpar\jclisttab\tx360\faauto\ls1\adjustright\rin0\lin360\itap0
{\b\f0\fs12 The Structure and Deployment of Modern Servlet Web Applications
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Identify the following:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Structure of a Web Application
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
the following web application hierarchy is placed under a context root directory
within the server\rquote s webapps directory (or something similar, depending on
the server) :
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.1.1.1.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12
/[any files to be served to the client, e.g. index.html, images/banner.gif]
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
2.1.1.1.2.\tab}/WEB-INF/web.xml
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
2.1.1.1.3.\tab}/WEB-INF/lib/[any required jar files]
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
2.1.1.1.4.\tab}/WEB-INF/classes/[servlet and support class files in their
package hierarchies, e.g. com/mycorp/frontend/CorpServlet.class]
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Structure of a Web Archive file
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
this is a JAR archive of the Web Application structure above; it just has a WAR
extension so that people and tools know to treat it differently
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.2.2.\tab}a WAR
file can be placed in a server\rquote s webapps directory, and the server will
extract it on startup
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.3.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Name of Web App deployment descriptor: web.xml
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.4.\tab}Name of
directories where you place the following:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.4.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 Web App deployment descriptor: see 2.1.1.2
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.4.2.\tab}Web App
class file: see 2.1.1.4
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.1.4.3.\tab}Any
auxhiliary JAR files: see 2.1.1.3
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
Identify the purpose or functionality for each of the following deployment
descriptor elements:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 servlet instance:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 \{servlet-name, servlet-class, init-param, etc.\}
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.1.2.\tab}declares
a servlet instance; included within tags
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 servlet name:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
2.2.2.2.\tab}registers the servlet under a specific name
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.3.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 servlet class:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.3.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.3.2.\tab}contains
the fully qualified class name of the servlet
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.4.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 initialization parameters:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.4.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 \{param-name, param-value\}
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.4.2.\tab}defines
values that can be set at deployment time and read at run-time via
ServletConfig.getInitParameter(String name)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.5.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 url to named servlet mapping
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.5.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
helloServlet
/hello.html
}{\f0\fs12\lang1024\langfe1024\noproof {\field{\*\fldinst SYMBOL 223 \\f
"Wingdings" \\s 6}{\fldrslt\f14\fs12}}}{\f0\fs12
this maps http://server:port/context_root/hello.html to the helloServlet
servlet.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.5.2.\tab}zero or
more mappings may be defined per web app
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 2.2.5.3.\tab}4 types
of mappings, searched in the following order: (a) explicit
mappings, e.g. /hello.html (b) path prefix mappings e.g. /dbfile/* (c)
extension mappings e.g. *.jsp or *.gif (d) the default mapping \'93/\'94,
identifying the default servlet for the web app
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 3.\tab}}\pard \ql
\fi-360\li360\ri0\widctlpar\jclisttab\tx360\faauto\ls1\adjustright\rin0\lin360\itap0
{\b\f0\fs12 The Servlet Container Model
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.1.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Servlet Context Init Parameters
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.1.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
purpose: defines init parameters accessible by all servlets in the web
application context; set-able at deployment-time, but accessible at run-time
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
3.1.1.2.\tab}interfaces (or classes): javax.servlet.ServletContext
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.1.1.3.\tab}methods:
public Enumeration getInitParameterNames() and public String
getInitParameter(String name)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.1.1.4.\tab}webapp
deployment descriptor element name: \{param-name, param-value\}
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.1.1.5.\tab}behavior
in a distributable: Consider that a different insta
nce of the ServletContext may exist on each different JVM and/or machine.
Therefore, the context should not be used to store application state. Any state
should be stored externally, e.g. in a database or ejb.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.2.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Servlet Context Listener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.2.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 purpos
e: An object that implements the ServletContextListener interface is notified
when its web app context is created or destroyed
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
3.2.1.2.\tab}interfaces (or classes): javax.servlet.ServletContextListener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.2.1.3.\tab}methods:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.2.1.3.1.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12
void contextInitialized(ServletContextEvent e): called during web server startup
or when context is added or reloaded; requests will not be handled until this
method returns
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.2.1.3.2.\tab}void
contextDestroyed(ServletContextEvent e): called during web server shutdown or
when context is removed or reloaded; request handling will be stopped before
this method is called
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.2.1.4.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 webapp deployment descriptor element name:
\{
fully qualified class name\}
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.2.1.5.\tab}behavior
in a distributable: Each context instance (on different jvm\rquote
s and/or machines) will have its own instance of the listener object. Therefore,
if a context on one jvm/machine is initialized or destroyed, it will not trigger
a listener on any other jvm/machine.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.3.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Servlet Context Attribute Listener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.3.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
purpose: An object that implements the ServletContextAttributeListener interface
is notified when attributes are added to or removed from its web app context
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
3.3.1.2.\tab}interfaces (or classes):
javax.servlet.ServletContextAttributeListener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.3.1.3.\tab}methods:
void
attributeAdded/attributeRemoved/attributeReplaced(ServletContextAttributeEvent
e)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.3.1.4.\tab}webapp
deployment descriptor element name: \{fully
qualified class name\}
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.3.1.5.\tab}behavior
in a distributable: Addition, removal or replacement of an attribute in a
context will only affect the listener for that context, and not other context
\'93instances\'94
on other jvm\rquote s and/or machines.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.4.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 HttpSession Attribute Listener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.4.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
purpose: An object that implements the HttpSessionAttributeListener interface is
notified when a session attribute is added, removed or replaced
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
3.4.1.2.\tab}interfaces (or classes):
javax.servlet.http.HttpSessionAttributeListener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.4.1.3.\tab}methods:
void attributeAdded/attributeRemoved/attributeReplaced(HttpSessionBindingEvent
e)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.4.1.4.\tab}webapp
deployment descriptor element name: \{fully
qualified class name\}
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.4.1.5.\tab}behavior
in a distributable: sessions may migrate from one jvm or machine to another;
hence the session unbind event may occur on a different jvm/machine than the
session bind event.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.5.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Http Session Listener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.5.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 purpose: An object that implements
the HttpSessionListener interface is notified when a session is created or
destroyed in its web app context
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
3.5.1.2.\tab}interfaces (or classes): javax.servlet.http.HttpSessionListener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.5.1.3.\tab}methods:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.5.1.3.1.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12 void sessionCreated(HttpSessionEvent e)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.5.1.3.2.\tab}void
sessionDestroyed(HttpSessionEvent e) - called when session is destroyed
(invalidated)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.5.1.4.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 webapp deployment descriptor element name:
\{
fully qualified class name\}
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 3.5.1.5.\tab}behavior
in a distributable: sessions may migrate from one jvm or machine to another;
hence the session destroy event may occur on a different jvm/machine than the
session create event.
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 4.\tab}}\pard \ql
\fi-360\li360\ri0\widctlpar\jclisttab\tx360\faauto\ls1\adjustright\rin0\lin360\itap0
{\b\f0\fs12 Designing and Developing Servlets to Handle Server-Side Exceptions
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
For each of the following cases, identify correctly constructed code for
handling business logic exceptions, and match that code with correct statements
about the code\rquote s behavior:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 return an http error using setStatus
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 public void HttpServletResponse.setStatus(int statusCode)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.1.2.\tab}if this
is not called, the server by default sets the status code to SC_OK(200).
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.1.3.\tab}example
status codes: HttpServletResponse.SC_OK(200), SC_NOT_FOUND(404), SC_NO_CONTENT,
SC_MOVED_TEMPORARILY/PERMANENTLY,
SC_UNAUTHORIZED, SC_INTERNAL_SERVER_ERROR, SC_NOT_IMPLEMENTED,
SC_SERVICE_UNAVAILABLE
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.1.4.\tab}calling
setStatus() on an error leaves a servlet with the responsibility of generating
the error page
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.1.5.\tab}must be
called before the response is committed, otherwise call is }{\b\f0\fs12
ignored}{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 return an http error using sendError
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
public void HttpServletResponse.sendError(int statusCode[, String
statusMessage]) throws IllegalStateException, IOException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.2.2.\tab}the
sendError() method causes the server to generate and send an appropriate
server-specific page describing the error (unless defined in
web.xml)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.2.3.\tab}with the
two argument version of this method, the server may include the status message
in the error page, depending on the server implementation
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.1.2.4.\tab}must be
called before response body is committed, else throws IllegalStateException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Given a set of business logic exceptions, identify the following:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 configuring deployment descriptor for error handling
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 \'85
404 /404.html
\'85
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.1.2.\tab}this
specifies that any call to sendError(), from within this web app, with 404 error
code should display /404.html; this includes requests for static pages that
result in 404 error code
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.1.3.\tab}the
value of location must begin with \lquote /\rquote , is treated as based in the
context root, and must refer to a resource within the context
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
4.2.1.4.\tab} may be dynamic (e.g. jsp, servlet); for these, the
server makes available the following request attributes:
javax.servlet.error.status_code and javax.servlet.error.message
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 configuring deployment descriptor for exception handling
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 \'85 javax.servlet.S
ervletException /servlet/ErrorDisplay
\'85
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.2.2.\tab}how the
server handles exceptions thrown by a servlet is server-dependent, unless an
entry exists for a specific exception type or a superclass
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.2.3.\tab}
may be dynamic (e.g. jsp, servlet); for these, the server makes
available the following request attributes: javax.servlet.error.exception_type &
javax.servlet.error.message; the exception object itself is not made available;
hence no way to get a stack trace
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.2.4.\tab}
servlets must catch all exceptions except those that subclass ServletException,
IOException and RuntimeException (IOException may be caused by client closing
the socket by exiting the browser)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.2.5.\tab}a
ServletException may be created with a message and a \'93root cause\'94, both
optional, e.g. \{ throw new ServletException(\'93execution interrupted\'94,
InterruptedException); \}
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.2.6.\tab}public
Throwable ServletException.getRootCause() returns the root cause exception
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
4.2.2.7.\tab}javax.servlet package also defines a subclass of ServletException
called UnavailableException(String msg[, int seconds]), which causes server to
take servlet out of service
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.2.3.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 using RequestDispatcher to forward to an error page: see section 1.6
above
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.3.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Identify the method used for the following:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.3.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 writing a message to the Web App log:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.3.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
void log(String msg) - Writes the specified message to a servlet log file,
usually an event log.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.3.1.2.\tab}void
log(String message, java.lang.Throwable throwable) - Writes an explanatory
message and a stack trace for a given Throwable exception to the servlet log
file.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.3.1.3.\tab}these
are methods are available in GenericServlet and ServletException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.3.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 writing a message and an exception to the Web App log:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.3.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 public void GenericServlet.log(String msg, Throwable t)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 4.3.2.2.\tab}writes
the given message and the Throwable\rquote s stack trace to a servlet log; exact
output format and location of log are server specific
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 5.\tab}}\pard \ql
\fi-360\li360\ri0\widctlpar\jclisttab\tx360\faauto\ls1\adjustright\rin0\lin360\itap0
{\b\f0\fs12 Designing and Developing Servlets Using Session Management
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Identify the interface and method for each of the following:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12
retrieve a session object across multiple requests to the same or different
servlets within the same webapp
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 public HttpSession HttpServletRequest.getSession([boolean create])
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.1.2.\tab}if no
argument provided, then server will automatically create a new session object if
none exists for the user in the web app context
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.1.3.\tab}to make
sure the session is properly maintained, getSession must be called at least once
before committing the response
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.1.4.\tab}sessions
are scoped at the web application level; so a servlet running inside one context
cannot access session information saved by another context.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.1.5.\tab}behind
the scenes, the client\rquote s session id is usually saved on the client in a
cookie called JSESSIONID. For client that don\rquote
t support cookies, the session ID can be sent as part of a rewritten URL,
encoded using a jsessionid path parameter.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.1.6.\tab}note
that a requested session id may not match the id o
f the session returned by the getSession() method, such as when the id is
invalid. one can call req.isRequestedSessionIDValid() to test if the requested
session id (that which was defined in the rewritten url or the persistent
cookie) is valid.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 store objects into a session object
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
public void HttpSession.setAttribute(String name, Object value) throws
IllegalStateException
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.2.2.\tab}binds
the specified object under the specified name. Any existing binding with the
same name is replaced.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
5.1.2.3.\tab}IllegalStateException thrown if session being accessed is invalid
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.3.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 retrieve objects from a session object
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.3.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
public Object HttpSession.getAttribute(String name) throws IllegalStateException
-- returns the object bound under the specified name or null if there is no
binding
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.3.2.\tab}public
Enumeration HttpSession.getAttributeNames() throws IllegalStateException --
returns all bound attribute names as an enumeration of Strings (empty enum if no
bindings)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.3.3.\tab}public
void HttpSession.removeAttribute(String name) throws IllegalStateException --
removes binding or does nothing if binding does not exist
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.4.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 respond to the event when a particular object is added to a session
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.4.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 any object that implements the javax.servlet.http.HttpSessio
nBindingListener interface is notified when it is bound to or unbound from a
session.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.4.2.\tab}public
void valuBound(HttpSessionBindingEvent event) is called when the object is bound
to a session
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.4.3.\tab}public
void valuUnbound(HttpSessionBindingEvent event) is called when the object is
unbound from a session, by being removed or replaced, or by having the session
invalidated
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.5.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 respond to the event when a session is created or destroyed: see
section 3
.5
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.6.\tab}expunge a
session object
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.1.6.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 public void HttpSession.invalidate() \endash
causes the session to be immediately invalidated. All objects stored in the
session are unbound. Call this method to implement a \'93logout\'94.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.2.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 given a scenario, state whether a session object will be invalidated
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.2.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12
ideally, a session would be invalidated as soon as the user closed his browser,
browsed to a different site, or stepped away from his desk. Unfortunately,
there\rquote s no way for a server to detect any of these events.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.2.2.\tab}session
may expire automatically, after a set timeout of inactivity (tomcat default is
30 minutes)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.2.3.\tab}timeout
can be overridden in web.xml file by specifying
\'85e.g.
60
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.2.4.\tab}timeout
can be overridden for a specific session by calling
HttpSession.setMaxInactiveInterval(int secs) \endash negative value indicates
session should never time out.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.2.5.\tab}session
may expire manually, when it is explicitly invalidated by a servlet by calling
invalidate()
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.2.6.\tab}a server
shutdown may or may not invalidate a session, depending on the capabilities of
the server
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.2.7.\tab}when a
session expires (or is invalidated), the HttpSession object and the data values
it contains are remo
ved from the system; if you need to retain information beyond a session
lifespan, you should keep it in an external location (e.g. a database)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.3.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
given that url-rewriting must be used for session management, identify the
design requirement on session-related html pages
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.3.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12
For a servlet to support session tracking via URL rewriting, it has to rewrite
every local URL before sending it to the client.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.3.2.\tab}public
String HttpServletResponse.encodeURL(String url)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.3.3.\tab}public
String HttpServletResponse.encodeRedirectURL(String url)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.3.4.\tab}
both methods encode the given url to include the session id and returns the new
url, or, if encoding is not needed or is not supported, it leaves the url
unchanged. The rules for when and how to encode are server-specific.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.3.5.\tab}
note that when using session tracking based on url rewriting that multiple
browser windows can belong to different sessions or the same session, depending
on how the windows were created and whether the link creating the windows was
url rewritten.
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 5.4.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\b\f0\fs12 Note}{\f0\fs12 : Using Cookies:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.4.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 To send a cookie to a client: \{Cookie cookie = new
Cookie(\'93name\'94,
\'93value\'94); res.addCookie(cookie);\}.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.4.1.2.\tab}To
retrieve cookies: \{Cookie[] cookies = req.getCookies();\}
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 5.5.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\b\f0\fs12 Note}{\f0\fs12 : Http Session Activation Listener
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.5.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12
purpose: Objects that are bound to a session may listen to container events
notifying them when that session will be passivated and when that session has
been activated. A container that migrates sessions between VMs or persists
sessions is required to
notify all attributes bound to sessions implementing
HttpSessionActivationListener.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.5.2.\tab}void
sessionWillPassivate(HttpSessionEvent e) - session is about to move; it will
already be out of service when this method is called
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 5.5.3.\tab}void
sessionDidActivate(HttpSessionEvent e) - session has been activated on new
server; session will not yet be in service when this method is called
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 6.\tab}}\pard \ql
\fi-360\li360\ri0\widctlpar\jclisttab\tx360\faauto\ls1\adjustright\rin0\lin360\itap0
{\b\f0\fs12 Designing and Developing Secure Web Applications
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.1.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 identify correct descriptions or statements about the security issues:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.1.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 Authentication: Being able to verify the identities of the parties
involved
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.1.2.\tab}Authorization: Limiting access to resources to a select set of users
or programs
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.1.3.\tab}Integrity:
Being able to verify that the content of the communication is not changed during
transmission
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.1.4.\tab}
Auditing: Keeping a record of resource access that was granted or denied might
be useful for audit purposes later. To that end, auditing and logs serve the
useful purposes of preventing a break-in or analyzing a break-in post mortem.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.1.5.\tab}Malicious
Code:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.1.6.\tab}Web Site
Attacks:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.1.7.\tab}Confidentiality: Ensuring that only the parties involved can
understand the communication
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
Identify deployment descriptor element names, and their structures, that declare
the following
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
secretSalary
SalaryServer
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.2.\tab}<}{\b\f0\fs12 security-constraint}{\f0\fs12 >
}{\f0\fs12\lang1024\langfe1024\noproof {\field{\*\fldinst SYMBOL 223 \\f
"Wingdings" \\s 6}{\fldrslt\f14\fs12}}}{\f0\fs12
indicates certain pages in a web app are to be accessed by users in a certain
role (role-to-user mappings stored in server-specific format)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.1.2.1.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12 <}{\b\f0\fs12 web-resource-collection}{\f0\fs12 >
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.2.1.1.\tab}}\pard \ql
\fi-936\li2736\ri0\widctlpar\jclisttab\tx2736\faauto\ls1\ilvl5\adjustright\rin0\lin2736\itap0
{\f0\fs12 protectedResource
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.2.1.2.\tab}/servlet/SalaryServer
}{\f0\fs12\lang1024\langfe1024\noproof {\field{\*\fldinst SYMBOL 223 \\f
"Wingdings" \\s 6}{\fldrslt\f14\fs12}}}{
\f0\fs12\lang1024\langfe1024\noproof }{\f0\fs12 same wildcards allowed as for
servlet mappings
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.2.1.3.\tab}/servlet/secretSalary
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.2.1.4.\tab}GET
}{\f0\fs12\lang1024\langfe1024\noproof {\field{\*\fldinst SYMBOL 223 \\f
"Wingdings" \\s 6}{\fldrslt\f14\fs12}}}{\f0\fs12
if no methods specified, then all methods are protected
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.2.1.5.\tab}POST
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.1.2.2.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.2.3.\tab}managerceo
}{\f0\fs12\lang1024\langfe1024\noproof {\field{\*\fldinst SYMBOL 223 \\f
"Wingdings"
\\s 6}{\fldrslt\f14\fs12}}}{\f0\fs12 if no role-name, then not viewable by any
user; if role-name = \'93*\'94 then viewable by all roles
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.2.4.\tab}CONFIDENTIAL
}{\f0\fs12\lang1024\langfe1024\noproof {\field{\*\fldinst SYMBOL 223 \\f
"Wingdings"
\\s 6}{\fldrslt\f14\fs12}}}{\f0\fs12 optional, indicates SSL security
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.1.3.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.4.\tab}<}{\b\f0\fs12 login-config}{\f0\fs12 >
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.1.4.1.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12 BASIC/DIGEST/FORM/CLIENT-CERT
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.4.2.\tab}Default
}{\f0\fs12\lang1024\langfe1024\noproof {\field{\*\fldinst SYMBOL 223 \\f
"Wingdings" \\s 6}{\fldrslt\f14\fs12}}}{\f0\fs12
optional, only useful for BASIC authentication
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.4.3.\tab} }{\f0\fs12\lang1024\langfe1024\noproof
{\field{\*\fldinst SYMBOL 223 \\f "Wingdings" \\s
6}{\fldrslt\f14\fs12}}}{\f0\fs12
optional, only useful for FORM based authentication
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.4.3.1.\tab}}\pard \ql
\fi-936\li2736\ri0\widctlpar\jclisttab\tx2736\faauto\ls1\ilvl5\adjustright\rin0\lin2736\itap0
{\f0\fs12
/loginpage.html
/errorpage.html
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.1.4.4.\tab}}\pard
\ql
\fi-792\li2232\ri0\widctlpar\jclisttab\tx2232\faauto\ls1\ilvl4\adjustright\rin0\lin2232\itap0
{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.1.5.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.2.1.6.\tab}<}{\b\f0\fs12 security-role}{\f0\fs12
>manager
}{\f0\fs12\lang1024\langfe1024\noproof {\field{\*\fldinst SYMBOL 223 \\f
"Wingdings" \\s 6}{\fldrslt
\f14\fs12}}}{\f0\fs12 not req\rquote d; explicitly declaring the webapp\rquote
s roles supports tool-based manipulation of the file
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.2.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 For ea
ch of the following authentication types, identify the correct definition of its
mechanism
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 BASIC
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
web server maintains a db of usernames and passwords, and identifies certain web
resources as protected. When these are accessed, web server re
quests username and password; this information is sent back to the server, which
checks it against its database; and either allows or denies access.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.1.2.\tab}Disadvantage: provides no confidentiality, no integrity, and only
the most basic authentication.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.1.3.\tab}Disadvantage: Transmitted passwords are encoded using easily
reversable Base64 encoding, unless additional SSL encryption employed.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.1.4.\tab}Disadvantage: plus, passwords are often stored on server in clear
text
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.1.5.\tab}Advantage: very easy to set up; useful for low-security
environments, e.g. subscription-based online newspaper
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 DIGEST
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
variation to BASIC scheme; instead of transmitting password over network
directly, digest of password used instead, produced by taking a hash of
username, password, uri, http method, and a randomly generated }{\i\f0\fs12
nonce }{\f0\fs12
value provided by server. Server computes digest as well, and compares with user
submitted digest.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.2.2.\tab}Advantage: transactions are somewhat more secure than with basic
authentication, since each digest is valid for only a single uri request and
}{\i\f0\fs12 nonce }{\f0\fs12 value.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.2.3.\tab}Disadvantage: server must still maintain a database of the original
passwords
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.2.4.\tab}Disadvantage: digest authentication is not supported by very many
browsers
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.3.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 FORM
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.3.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 the login page must include a form with a POST to the URL \'93
j_security_check\'94 with a username sent as j_username and a password
j_password.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.3.2.\tab}any time
the server receives a request for a protected resource, the server checks if the
user has
already logged in, e.g. server might look for Principal object in HttpSession
object. If Principal found, then roles are checked against security contraints;
if Principal not authorized, then client redirected to
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.3.3.\tab}Advantage: allows users to enter your site through a well-designed,
descriptive and friendly login page
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.3.4.\tab}Disadvantage: similar to BASIC, password is transmitted in clear
text, unless SSL used
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.3.5.\tab}Disadvantage: similar to BASIC, no standard logout mechanism
(calling session.invalidate() may work for FORM, but no guarantees), would need
to close browser
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.3.6.\tab}Disadvantage: error page does not have access to any special
information reporting why access was denied or even which page it should point
the user at to try again
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.3.7.\tab}Disadvantage: similar to BASIC, relies on server to authenticate,
so only captures username and password, not custom fields e.g. PIN #.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.4.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 CLIENT-CERT
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.4.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
BASIC, even with SSL encryption, does not ensure strong client authentication
since anyone could have guessed or gotten hold of client\rquote s username and
password
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 6.3.4.2.\tab}upon
accessing a protected resource, the server requests the client\rquote s
certificate; the c
lient then sends its signed certificate (many browsers require the client user
enter a password before they will send the certificate), and the server verifies
the certificate. If browser has no certificate, or if it is not authorized, then
access is deni
ed.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.4.3.\tab}Advantage: the client will never see a login page, although the
browser may prompt for a password to unlock their certificate before it is sent
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
6.3.4.4.\tab}Disadvantages: users must obtain and install signed certificates,
servers must maintain a database of all accepted public keys, and servers must
support SSL 3.0 in the first place.
\par {\listtext\pard\plain\b\fs12 \hich\af0\dbch\af0\loch\f0 7.\tab}}\pard \ql
\fi-360\li360\ri0\widctlpar\jclisttab\tx360\faauto\ls1\adjustright\rin0\lin360\itap0
{\b\f0\fs12 Designing and Developing Thread-Safe Servlets
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.1.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Identify which attribute scopes are thread-safe:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.1.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 local variables: yes, thread-safe
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.1.2.\tab}instance
variables: not thread-safe, since a single servlet instance may be handling
multiple service requests at any given time
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.1.3.\tab}class
variables: not thread-safe, since multiple servlets and/or service requests may
try to access a class variable concurrently
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.1.4.\tab}request
attributes: yes, thread-safe, since the request object is a local variable
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.1.5.\tab}session
attributes: not thread-safe, since sessions are scoped at the web application
level, hence the same session object can be accessed concurrently by multipl
e servlets and their service requests
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.1.6.\tab}context
attributes: not thread-safe, since the same context object can be accessed
concurrently by multiple servlets and their service requests
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12 Identify correct statements about differences between multi-t
hreaded and single-threaded servlet models
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 multi-thread model servlet:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.1.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12 one servlet instance per registered name
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.1.2.\tab}for each
servlet request, the server spawns a separate thread which executes the
servlet\rquote s service() method
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.1.3.\tab}must
synchronize access to instance variables
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.2.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 single-thread model servlet:
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.2.1.\tab}}\pard
\ql
\fi-648\li1728\ri0\widctlpar\jclisttab\tx1728\faauto\ls1\ilvl3\adjustright\rin0\lin1728\itap0
{\f0\fs12
has a pool of servlet instances per registered name (depending on the server
implementation, the pool size may be configurable or not, and may be as little
as one.)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
7.2.2.2.\tab}guaranteed by server \'93that no two threads will execute
concurrently in the servlet\rquote s service method\'94
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0
7.2.2.3.\tab}considered thread-safe and isn\rquote t required to synchronize
access to instance variables
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.2.4.\tab}does not
prevent synchronization problems t
hat result from servlets accessing shared resources such as static variables or
objects outside the scope of the servlet (e.g. ServletContext, HttpSession)
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.2.2.5.\tab}server
might end up creating more instances than the system can handle, e.g. each
instance
might have its own db connection, hence in total there may be more db
connections than the db server can handle.
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.3.\tab}}\pard \ql
\fi-432\li792\ri0\widctlpar\jclisttab\tx792\faauto\ls1\ilvl1\adjustright\rin0\lin792\itap0
{\f0\fs12
Identify the interface used to declare that a servlet must use the single thread
model\tab
\par {\listtext\pard\plain\fs12 \hich\af0\dbch\af0\loch\f0 7.3.1.\tab}}\pard \ql
\fi-504\li1224\ri0\widctlpar\jclisttab\tx1224\faauto\ls1\ilvl2\adjustright\rin0\lin1224\itap0
{\f0\fs12 interface javax.servlet.SingleThreadModel \{ // this is an empty
\'93tag
\'94 interface \}
\par }}