Professional Documents
Culture Documents
if you have already called the getWriter() method on a ServletResponse object, you cannot call the
getOutputStream() method on the same ServletResponse object.If you do, the getOutputStream()
method
will throw an IllegalStateException.
5.For the getRequestDispatcher() method of ServletContext, the path parameter cannot be relative
and must start with /.
<error-page>
<error-code>403</error-code>
<location>/errorpages/securityerror.html</location>
</error-page>
<error-page>
<exception-type>java.sql.SQLException</exception-type>
<location>/errorpages/sqlerror.html</location>
</error-page>
14.The context and session scopes are not thread safe, while the request scope is thread safe for
all practical purposes because only one thread services one request.
Local variables are always thread safe, static variables never are, and the thread safety of
instance variables depends on the threading model of the servlet.
15.Because the JSP page is converted into a servlet, we can call all the methods in a JSP page that
we can call on a servlet.
14.import is the only attribute of the page directive that can occur multiple times in a translation unit.
15.If isThreadSafe is set to false, the container dispatches the requests to the page one at a
time in the order they are received.
== SingleThreadModel interface for servlets,
16.We cannot declare a method in a scriptlet since we cannot have methods declared inside other
methods in Java.
18.Use "return;" after pageContext.forward("abc.jsp") to prevent from writing anything to the output
stream after the request has been forwarded, because doing so will throw an IllegalStateException().
22.Clicking on a hyperlink always sends a GET request and thus, the doGet() method of the servlet will
be
called.
24.The setContentType defines the output format of the response. If you acquire a PrintWriter then the
setContentType method needs to be called before getting the PrintWriter.
25.The doGet method in the HttpServlet class will be triggered in one of the following cases:
* Type URL in address line of web-browser
* Use an hyperlink inside a web-page
* Use an HTML form with no method definition
* Use an HTML form with GET defines as the method definition
The doPost method will ONLY be triggered only when an HTML form is used and defines the POST
method.
26.OutputStream os = res.getOutputStream();
PrintWriter out = res.getWriter();
28.setMaxInactiveInterval specifies the time, in seconds, between client requests before the servlet
container
will invalidate the session. A negative time indicates the session should never timeout.
If the timeout is 0 or less in DD <time-out>, the container ensures the default behaviour of sessions
is never to time out.
29.Class variables (declared as STATIC) can be shared by multiple servlet instances and therefore can be
accessed by multiple threads even when a servlet has been declared to use the single thread model.
30.The use of the SingleThread Model interface guarantees that only one thread AT A TIME will execute
in a given servlet instance's service method.
31.SingleThreadModel inteface: -
* The servlet container guarantees that no two threads will execute concurrently in the servlet's
service method.
*The servlet container may synchronize access to a single instance of the servlet.
*The servlet container may create multiple copies of the servlet and dispatch
each request to the different servlets.
32.In the multi-threaded model the doGet method is executed by multiple threads concurrently to
service
simultaneous incoming requests.
33.PrintWriter out=res.getWriter();
out.println("Hello Person Servlet");
out.flush();
RequestDispatcher view=req.getRequestDispatcher("web/personView.jsp");
view.forward(req,res);
In this case, the request will not be forwarded to the jsp page. No Exception seems to be thrown. And
prints whatever appear on the servlet output.
34.IMPORTANT !!!1
Before a container initialises a servlet, the following life-cycle phases occur; page translation,
load class, and create instance, that is, a servlet is created as a Java file, compiled, loaded into
memory and then instantiated.
After a JSP page is compiled into a servlet and loaded in the Java virtual machine, an instance of
the servlet is created and initialised before it is ready to service client requests.
38.The release() method is called on a Tag handler to release state. The page compiler guarantees that
JSP page implementation objects will invoke this method on all tag handlers, but there may be multiple
invocations on doStartTag and doEndTag in between.
39.Attributes, prefixes and names are case-sensitive. The following reserved words cannot be used as
prefix for the taglib directive: jsp, jspx, java, javax, servlet, sun and sunw.
<taglib>
<taglib-uri>
<taglib-location>
</taglib>
43.Tagdependent is the value that can be used to identify that the content of the body is only be used
by the tag-handler.
44.Only 2 attributes are mandatory when defining an individual tag. i.e "name" and "tag-class".
49.For <jsp:useBean>
id: identifies the bean that we specify in the JSP page.
scope: declares the scope of the bean (page, request, application or session).
class: identifies the full qualified class name of the bean.
type: represents the type of the object.
beanName:is the name of the bean that is used as an argument to the instantiate() method of the
java.beans.Beans class.
50.IMPORTANT !!!1 :-
BeanName attribute has to be used together with the type attribute.
51.The ServletContext can be obtained from the current session or from the convenience method
getServletContext() defined in javax.servlet.GenericServlet.
52.short-name and tag are required elements within the tag library descriptor file. ?&^$%$#$
tlib-version and jsp-version are required elemets within the taglib element. ?^%$#%^*
54.Auditing is the process of recording user and application actions to log files. In the case
of a SECURITY BREACH, the log files can then be examined to help determine the cause of the
breach and help identify the responsible parties.
55.The realm element specifies the realm name to use in HTTP Basic authorisation.
<realm-name>
56.IP spoofing : technique used to impersonate a trusted system in order to gain unauthorised access
to the system hosting the web site.
/SCWCD/door/file.hall?
The servlet container tries to match the longest path to the servlet mapping, the servlet container
uses the "/" separator to determine if a match can be found. If the servlet container cannot find a
rule that matches, it goes a directory below the hierarchy.
The extension match occurs only when the servlet path does not match any of the rules.
60.Include directive only substitutes the text of the specified resource into the including JSP page.
It doesn't actually include the resource.
This occurs during the translation phase of the life cycle of the JSP page.
63.<%@ include %> and <jsp:forward> DOES NOT SUPPORT FLUSH attribute !!! (VVV IMP)
64.IMPORTANT :-
------------
Considering the following situation
/a.jsp
/c.jsp
/dir/b.jsp
/dir/c.jsp
66.The log methods are declared in "ServletContext" and "GenericServlet" writes the
specified message to a servlet log file excluding the name of the servlet.
getServletContext().log(str);
getServletConfig().getServletContext().log(str);
67.sendError(int , str)
68.When an exception is propagated to the servlet container, the container binds the
propagated exception to the request with the javax.servlet.error.exception attribute name.
req.setAttribute("javax.servlet.error.exception", ex);
69.The Data Access Object design pattern provides a common interface to access data in an underlying
database.
This interface hides the details of accessing the database from the calling components. Therefore the
interface can be used to provide uniform database access for multiple types of databases. The interface
also forms a contract between the application code (usually the business tier) and the data access code
(the resource tier). This binding contract simplifies migration of one database to another because the
interface does not change when the underlying data source implementation changes.
70.The "Front Controller" manages the handling of invoking security services such as authentication and
authorisation, delegating business processing and view selection.
71.The business access code also manages the complexity of distributed component lookup and remote
access
exception handling thus providing a simplified interface to business services, thus "reducing network
traffic".
72.If the getIntHeader method cannot translate the header value to an int, a NumberFormatException is
thrown.
If the getDateHeader method cannot translate the header to a Date object, an IllegalArgumentException
is
thrown.
73.The contents of the WEB-INF directory are visible to servlet code using the getResource and
getResourceAsStream method calls on the ServletContext, and may be exposed using the
RequestDispatcher
calls.
74.The servlet/filter may throw the following errors while processing the requests:-
run time exceptions/ errors
ServletException (or subclasses)
IOExceptions (or subclasses)
Context path
Specifies the path prefix associated with a web application mapping. For a default application
(rooted at the base of the web server's URL namespace), the context path is an empty string.
For a non-default application, the context path starts with a forward slash ('/') but does not
end with one. For example, /my_app_context maps requests that include /my_app_context to the
my_app_context application. The HttpServletRequest.getContextPath() method returns a string
representing the context path.
Servlet path
Specifies the portion of the URL that matches the servlet mapping. This starts with a slash ('/').
The HttpServletRequest.getServletPath() method returns a string representing the servlet path.
Path information.
Comprises the remaining portion of the request path prior to query string parameters. The
HttpServletRequest.getPathInfo() method returns a string representing the remainder of the path.
Query string.
Is contained in the request URL after the path. The HttpServletRequest.getQueryString() method
returns null if the URL does not have a query string. Same as the value of the CGI variable
QUERY_STRING.
76.A filter that modifies a response must usually capture the response before it is returned to the client.
The way to do this is to pass a stand-in stream to the servlet that generates the response. The stand-in
stream prevents the servlet from closing the original response stream when it completes and allows the
filter to modify the servlet's response.
82page directive is evaluated ONLY ONCE during translation phase, and not during execution phase.
List (colorList.get(2) ) :-
${colorList[2]}
${colorList["2"]}
Map
${colorMap[red]} colorMap.get(pageContext.findAttribute("red"))
${colorMap["red"]} colorMap.get("red")
85.For <jsp:useBean>, At least ONE of type and class MUST be present, and it is NOT VALID to
provide both class and beanName.
86.A TLD is invalid if it specifies "JSP" as the value for <body-content> for a tag whose
handler implements the SimpleTag interface.
87.IMPORTANT:-
The eight implicit objects in jsp pages are not visible in declarations.
They are visible in scriplets and expressions.
URL getResource(path);
InputStream getResourceAsStream(path)
92.IMPORTANT:-
The security model doesn't apply when a servlet uses a RequestDispathcer to include or forward a
resource.
Also for error pages (it seems).
<filter-mapping>
---
---
<dispatcher>REQUEST/FORWARD/INCLUDE/ERROR</..>
93.<distributable></distributable>
Specifies that an application is distributable.
94.When a web application is deployed into a container, the following steps must be performed, in this
order,
before the web application begins processing client requests.
1. Instantiate an instance of each event listener identified by a <listener> element in the
deployment descriptor.
2. For instantiated listener instances that implement ServletContextListener, call the
contextInitialized() method.
3. Instantiate an instance of each filter identified by a <filter> element in the deployment
descriptor and call each filter instance�s init() method.
4. Instantiate an instance of each servlet identified by a <servlet> element that includes a
<load-on-startup> element in the order defined by the load-onstartup element values, and call
each servlet instance�s init() method.
95.The file data can be retrieved in the servlet(request) by extracting the ServletInputStream
(for binary file) or the Reader (for text file) from the request.
98.You cannot throw non runtime business exceptions from the servlet code because the signatures of
the
doXXX and service method only permit IOException and ServletException.
99.For a custom tag that can take any number of arbitrary attributes: -
*The tag element in the TLD file for the tag must have
<dynamic-attributes>true</dynamic-attributes>.
*The class implementing the tag must implement
javax.servlet.jsp.tagext.DynamicAttributes interface.
100.You cannot embed one tag inside another tag's attribute list. (Although you can nest one tag inside
another).
101.<body-content>empty|JSP|tagdependent</body-content>
default :- JSP
102.In jsp page if we use request.getSession(false) for a first time access, it will return a valid session
because the session="true" kicks in !!!
107.If the argument of the sendRedirect, encodeURL, encodeRedirectURL methods begins with '/', than
it is a
relative to the container's root (not to the web application's root).
108.The security-role tag can contain only one role-name tag---------- Is this correct ???
109.The sendRedirect method will throw an IllegalStateException when the reponse header has been
sent to
the browser.
110.Business Delegate:-
The Business Delegate design pattern provides a common interface to access different business services
across a network. The interface forms a contract between the application code (usually the presentation
tier) and business service APIs (the business tier). This contract is implemented as a Java object known
as the business delegate object which contains the business service access code that talks to the
underlying business services. This contract simplifies development of the presentation layer because the
business service APIs are abstracted by the interface. Therefore any changes to the business services API
are localised to the business delegate object. Because the interface does not change when business
service
access code is modified, the application calling the business delegate object is is unaffected by any
changes to the business service APIs. The business access code also manages the complexity of
distributed
component lookup and remote access exception handling thus providing a simplified interface to
business
services. The results of remote invocation may also be cached in the business delegate object therefore
reducing the amount of data transmitted across the network.