Q.1). What Explain.

is

a WebServer?

Answer : The Web server is the software responsible for accepting browser requests, retrieving the specified file and returning its contents. Most Web servers on the Internet today run on UNIX machines, although the percentage of servers on other platforms is steadily increasing. Web servers are often called httpd, using a UNIX convention in which daemons are named with the name of the service followed by the letter d. Web servers first retrieve the request using Berkeley sockets, a mechanism for communicating over a network. The Web server listens for requests on a particular port on the server machine, generally port 80. By default, Web browsers use port 80 for their requests. Once the server receives the request, it locates the document being requested. It looks for the file under the document root directory. For example, if the document root is /usr/local/httpd/htdocs, and the client requests the document /staff/matthew.html, then the server retrieves /usr/local/httpd/htdocs/staff/ matthew.html. If the URL doesnt specify a file but just a directory, the server returns the directory index file, generally called index.html or welcome.html. The server sends the contents of the file back to the client, along with some HTTP response headers. Among the data in the response headers is the media type (also known as a content type or MIME type), i.e., the format that the file is in. Q.2). List out differences between WebServer and Application Server. Answer : Web Servers : The Web server is the software responsible for accepting browser requests, retrieving the specified file (or executing the specified CGI script), and returning its contents (or the scripts results). Most Web servers on the Internet today run on UNIX machines, although the percentage of servers on other

platforms is steadily increasing. Web servers are often called httpd, using a UNIX convention in which daemons are named with the name of the service followed by the letter d. Web servers first retrieve the request using Berkeley sockets, a mechanism for communicating over a network. The Web server listens for requests on a particular port on the server machine, generally port 80. By default, Web browsers use port 80 for their requests. Application Server: An application server commonly includes a web server so perhaps you can see an application server as an extension of a web server. A web server is where usually web components are deployed, ie. this will provide a run-time environment for these components. Here for deployment we use web.xml file. Where as in application server we can deploy a java components ranging from simple java application to server side business components like ejbs. Usually when we want to deploy EJBs we will go for App servers like weblogic or websphere. Here ejb-jar.xml or application.xml file is used as deployment descriptor. Q.3). What is JSP? How is it different from CGI programming? Answer : JavaServer Pages is a technology for developing web pages that include dynamic content. Unlike a plain HTML page, which contains static content that always remains the same, a JSP page can change its content based on any number of variable items, including the identity of the user, the users browser type, information provided by the user, and selections made by the user. A JSP page contains standard markup language elements, such as HTML tags, just like a regular web page. However, a JSP page also contains special JSP elements that allow the server to insert dynamic content in the page. JSP elements can be used for a variety of purposes, such as retrieving information from a database or registering user preferences. When a user asks for a JSP

page, the server executes the JSP elements, merges the results with the static parts of the page, and sends the dynamically composed page back to the browser. In the early days of the Web, the Common Gateway Interface (CGI) was the only tool for developing dynamic web content. However, CGI is not an efficient solution. For every request that comes in, the web server has to create a new operating-system process, load an interpreter and a script, execute the script, and then tear it all down again. This is very taxing for the server and doesnt scale well when the amount of traffic increases.Numerous CGI alternatives and enhancements, such as perl and Java servlets have been created over the years. While these solutions offer better performance and scalability, all these technologies suffer from a common problem: they generate web pages by embedding HTML directly in programming language code. This pushes the creation of dynamic web pages exclusively into the realm of programmers. JavaServer Pages, however, changes all that. Q.4). Write a JSP program which displays different message to the user based on the time of day. Answer : <%@ taglib prefix=c uri=http://java.sun.com/jstl/co re %> <html> <body bgcolor=white> <jsp:useBean id=clock class=java.util.Date /> <c:choose> <c:when test=${clock.hours < 12}> <h1>Good morning!</h1> </c:when> <c:when test=${clock.hours < 18}> <h1>Good day!</h1> </c:when> <c:otherwise> <h1>Good evening!</h1> </c:otherwise> </c:choose> Welcome to our site, open 24 hours a day. </body> </html> Q.5). Explain JSP Elements.

Answer :There are three types of JSP elements : directive, action, and scripting. Directive elements The directive elements, shown in Table , specify information about the page itself that remains the same between requests for example, if session tracking is required or not, buffering requirements, and the name of a page that should be used to report errors, if any. Element <%@ page ... %> <%@ include ...%> <%@ taglib ...%> Description Defines pagedependent attributes, such as session tracking, error Includes a file during the translation phase Declares a tag library, containing custom actions, that is used in the page

<jsp:forward>

<jsp:param>

<jsp:plugin>

Standard action elements Action elements typically perform some action based on information that is required at the exact time the JSP page is requested by a browser. An action can, for instance, access parameters sent with the request to do a database lookup. It can also dynamically generate HTML, such as a table filled with information retrieved from an external system. The JSP specification defines a few standard action elements. Description dAction Element D Description <jsp:useBean> Makes a JavaBeans component available in a page <jsp:getProperty Gets a > property value from a JavaBeans component and adds it to the response <jsp:setProperty Sets a > JavaBeans component property value <jsp:include> Includes the response from a servlet or

JSP page during the request processing phase Forwards the processing of a request to servlet or JSP page Adds a parameter value to a request handed off to another servlet or JSP page using <jsp:include > or jsp:forward> Generates HTML that contains the appropriate browserdependent elements (OBJECT or EMBED) needed to execute an applet with the Java Plug-in software

<%! ...%>

Declaration, used to declare instance variables and methods in the JSP page implementation class.

Q.6). What are servlets? Explain with an example. Answer : Servlets are Java technologys answer to CGI programming. They are programs that run on a Web server and build Web pages. Building Web pages on the fly is useful for a number of reasons: A. The Web page is based on data submitted by the user. B. The data changes frequently. C. The Web page uses information from corporate databases or other such sources. Here is a simple servlet that just generates plain text. The following section will show the more usual case where HTML is generated. import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class SomeServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Use "request" to read incoming HTTP headers (e.g. cookies) // and HTML form data (e.g. data the user entered and submitted) // Use "response" to specify the HTTP response line and headers // (e.g. specifying the content type, setting cookies). PrintWriter out = response.getWriter(); // Use "out" to send content to browser } } Q.7). Explain Servlet life cycle. Answer :The lifecycle of a Servlet consists of the following fundamental stages: Instantiation - The web server creates an instance of a servlet.

Scripting elements Scripting elements, shown in Table, allow you to add small pieces of code (typically Java code) in a JSP page, such as an if statement to generate different HTML depending on a certain condition. Like actions, they are also executed when the page is requested. You should use scripting elements with extreme care: if you embed too much code in your JSP pages, you will end up with the same kind of maintenance problems as with servlets embedding HTML. Element <% ...%> <%= ...%> Description Scriptlet, used to embed scripting code. Expression, used to embed scripting code expressions when the result shall be added to the response. Also used as request-time action attribute values.

This based on a request or a container startup Initialization - The web server creates the instances init() method. When web server loads a web application, it also loads the initialization parameters associated with the application. The above two states occur only once during the lifetime of a servlet instance. Service - This is the third state in the servlet lifecycle. In this state the servlets service() method is called which generates response. The generation of response involves the following steps: 1.Setting the content type of the response. The receiving application (browser) uses this information to know how to treat the response data. For example, to generate an HTML output, the content-type is set to text/html. 2.The second step is to get PrinterWriter object from reponse. PrintWriter is a class from java.io package that extends the java.io.writer abstract class. In the case of servlets the web server constructs the PrinterWriter object from the java.io.OutputStream object public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException associated with the underlying connection from the client. With TCP/IP based implementations, web servers usually get OutputStream object from the socket, use the object to create the PrinterWriter object, and associate with the HttpServletResponse object. As a result, from within the servlet, you will be able to write to object stream associated with the network association. 3. We can use meta tags in the HTML generated to indicate browser not to cache page and some of the similar tasks. Destroy - This is the final stage in a servlet lifecycle. In this stage the destroy() method is called before shutting down the servlet.

addCookie method this way: <HTML> <HEAD> <TITLE>Setting a Cookie</TITLE> </HEAD> <BODY> <H1>Setting a Cookie</H1> <% Cookie cookie1 = new Cookie("message", "Hello!"); cookie1.setMaxAge(24 * 60 * 60); response.addCookie(cookie1); %> . . . That installs the cookie in the browser. You can also include a link to the page that will read the cookie, <HTML> <HEAD> <TITLE>Setting a Cookie</TITLE> </HEAD> <BODY> <H1>Setting a Cookie</H1> <% Cookie cookie1 = new Cookie("message", "Hello!"); cookie1.setMaxAge(24 * 60 * 60); response.addCookie(cookie1); %> <A HREF="ch08_03.jsp"/>Read the cookie</A> </BODY> </HTML> 9). Explain in brief how to track a user using Sessions with an example. Answer : Sessions are something the server offers us to support user tracking, and theyre great, although they can take up a lot of resources on the server. Sessions let you preserve data between accesses to a Web page by the same user. This example will keep track of the number of times the user has viewed the current page in a session attribute named counter. The first thing to do is see if this attribute has already been set in a former page access in this session, which you can do with the getAttribute method. String objects are fine to store as

Life cycle of Servlet Q.8). How do you create a cookie. Explain with an example. Answer : To create the cookie, you use the Cookie classs constructor, passing it the name of the cookie (which will be message here) and the text in the cookie (which will just be Hello! in this case). You can also set the length of time the cookie will exist on the users computer with the setMaxAge method, which you pass a value in seconds toto make the cookie last for a day, you can pass a value of 24 * 60 * 60 this way: <HTML> <HEAD> <TITLE>Setting a Cookie</TITLE> </HEAD> <BODY> <H1>Setting a Cookie</H1> <% Cookie cookie1 = new Cookie("message", "Hello!"); cookie1.setMaxAge(24 * 60 * 60); %> . . . That creates the cookie, but doesnt install it in the browser to do that, you use the response objects

attributesbut what about integer values such as our counter value? Java has a class to match all the basic data typesInteger for int values, Double for double values, and so on. You can create an object using these classes by passing a string (like 3) to the classs constructor, or by passing a value of the corresponding data type to the classs constructor (for example: Integer integerObject = new Integer(3) or Double doubleObject = new Double(3.14)). You can recover the data in the corresponding basic data form with the intValue method of the Integer class, doubleValue method of the Double class, and so on. The counter variable will be stored as an Integer object, so heres how you can read its value from the session object using the getAttribute method: <%@page import = java.util.* session=true%> <HTML> <HEAD> <TITLE>Using Sessions</TITLE> </HEAD> <BODY> <% Integer counter = (Integer)session.getAttribute("co unter"); . . . If counter has not been set before, getAttribute will return a value of null. That means you can create the counter value, or increment it if it already exists, and store the new value in the session object like the following: <%@page import = "java.util.*" session="true"%> <HTML> <HEAD> <TITLE>Using Sessions</TITLE> </HEAD> <BODY> <% Integer counter = (Integer)session.getAttribute("co unter"); if (counter == null) { counter = new Integer(1); } else { counter = new Integer(counter.intValue() + 1); } session.setAttribute("counter", counter); .

. . That way you can store and retrieve data in the session object. You can also get the current session ID with the getID method. You get the time the session was created with the getCreationTime method, and you get the time the session was last accessed with the getLastAccessedTime method. <%@page import = "java.util.*" session="true"%> <HTML> <HEAD> <TITLE>Using Sessions to Track Users</TITLE> </HEAD> <BODY> <% Integer counter = (Integer)session.getAttribute("co unter"); if (counter == null) { counter = new Integer(1); } else { counter = new Integer(counter.intValue() + 1); } session.setAttribute("counter", counter); %> <H1>Using Sessions to Track Users</H1> Session ID: <%=session.getId()%> <BR> Session creation time: <%=new Date(session.getCreationTime()) %> <BR> Last accessed time: <%=new Date(session.getLastAccessedTi me())%> <BR> Number of times you've been here: <%=counter%> </BODY> </HTML> Q.10). What is SSL? Explain its working. Answer : The Secure Sockets Layer (SSL) protocol, originally developed by Netscape, has become the universal standard on the Web for authenticating Web sites to Web browser users, and for encrypting communications between browser users and Web servers. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate, or Server ID, enables SSL capabilities.

SSL Working SSL Roles SSL has two distinct entities, server and client. The client is the entity that initiates the transaction, whereas the server is the entity that responds to the client and negotiates which cipher suites are used for encryption. In SSL, the Web browser is the client and the Web-site server is the server. Three protocols lie within SSL, the Handshake Protocol, the Record Protocol, and the Alert Protocol. The client authenticates the server during the Handshake Protocol. When the session is initiated and the handshake is complete, the data transfer is encrypted during the Record Protocol phase. If there are any alarms at any point during the session, the alert is attached to the questionable packet and handled according to the Alert Protocol. SSL Handshake The client always authenticates the server, and the server has the option of also authenticating the client. In general,Web servers do not authenticate the client during the Handshake Protocol because the server has other ways to verify the client other than SSL. For ecommerce, theWeb-site server can verify the credit card number externally from the SSL session. In this way, the server can reserve precious processing resources for encrypted transactions. During the Handshake Protocol, the following important steps take place: the session capabilities are negotiated,meaning the encryption (ciphers) algorithms are negotiated; and the server is authenticated to the client.SSL uses symmetric cryptography for the bulk data encryption during the transfer phase; however, asymmetric cryptography, (that is, PKI) is used to negotiate the key used for that symmetric encryption. This exchange is criticalto the Handshake Protocol. Note that the server may optionally ask the client to authenticate itself. Handshake Protocol Steps 1. Client sends ClientHello message. 2. Server acknowledges with ServerHello message 3. Server sends its certificate

4. Optional: Server requests clients certificate 5. Optional: Client sends its certificate 6. Client sends ClientKeyExhcange message 7. Client sends Certificate Verify message 8. Both send ChangeCipherSpec messages 9. Both send Finished messages SSL Records The encryption for all messaging in SSL is handled in the Record Protocol. This protocol provides a common format to frame all Alert, ChangeCiperSpec, Handshake, and application protocol messages. SSL records consist of the encapsulated data, digital signature, message type, version, and length. SSL records are 8 bytes long. Because the record length is fixed, encrypted messages sometimes include padding and pad length in the frame. SSL Alert Protocol As mentioned earlier, the Alert Protocol handles any questionable packets. If either the server or client detects an error, it sends an alert containing the error. There are

three types of alert messages: warning, critical, and fatal. Based on the alert message received, the session can be restricted (warning, critical) or terminated (fatal). Q.11). What are EJBs? List down its advantages and disadvantages. Answer : An EJB is a server-side component that executes specific business logic. EJBs run on a server and are invoked by local or remote clients. A standardized contract exists between an application server and its EJB components that enables a component to run within any application server. The application server provides clearly-defined services while the components adhere to a standard interface. EJBs are not GUI components; rather, they sit behind the GUIs and perform all the business logic, e.g. database CRUD operations. GUIs such as rich clients, web-based clients, and web services are the clients that can make connections to EJBs.

Advantages of EJB Many vendor application servers conform to the J2EE specification allowing one to select a best-ofbreed solution. To handle fluctuations in resource demand server-side resources can easily be scaled by adding or removing servers. Application servers provide access to complex services, namely transaction and security management, resource pooling, JNDI (Java Naming and Directory Interface), component lifecycle management, etc. Disadvantages of EJB EJB has a large and complicated specification. EJBs take longer to develop. Also, when things go wrong they can be more difficult to debug. Occasionally the bug may not be in your code but in the application server itself. No sooner have you deployed your EJB application than you see a new specification coming down the pipe with newer features, rendering your application obsolete. This situation, however, is unavoidable with cutting-edge technologies.