SLEE6 This training manual may include references to materials, offerings, or products be entered by the student as part of an activity; for example. Student. With Java Technology-SL - Ebook download as PDF File .pdf), Text File Web Component Development With Java™ Technology SL Student Guide. Student Guide - Volume 1. SLEE5 REV C.1 This training manual may include references to materials, offerings, or products that were previously offered .

Sl-314 Student Guide Pdf

Language:English, German, Arabic
Country:Russian Federation
Genre:Children & Youth
Published (Last):03.05.2016
ePub File Size:27.81 MB
PDF File Size:14.43 MB
Distribution:Free* [*Registration needed]
Uploaded by: GLADIS

September Java Programming. Language. SL Sun Educational Services . SL Java Programming For Non-Programmers or have Page Mathematics for the International Student: Mathematics SL has been written to embrace the syllabus for the .. The scalar product of two vectors. Review set 12A. Review set 12B. Review set .. Subject Guide for more details. Time Out Madrid Student Guide /18 .. 65 89 | Published by 80 MÉS 4 Publicacions S.L with the authority and collaboration of Time Out International Limited, London UK. T: 91 54 AdvertorialGastropdf 1 7/12/ 16

HTTP requests and processes the events by manipulating the Model and selecting the appropriate next View. The View retrieves domain objects using the getAttribute method. The Controller passes domain objects to the View using the setAttribute method on the request object. In particular. G Passing data using the request object is called using the request scope.

G G The Model represents the business services and domain objects. The Data Access Object pattern is presented in Module This module only gives you a hint about the MVC pattern. Business Delegate. Data Access Object or Business Delegate that would best solve those issues.

Value Objects. Read the J2EE Blueprints http: The full explanation is presented in Module Data Access Object. G G G G G Describe the purpose of session management Design a Web application that uses session management Develop servlets using session management Describe the cookies implementation of session management Describe the URL-rewriting implementation of session management Copyright Sun Microsystems.

Relevance Relevance Discussion — The following questions are relevant to understanding what session management is all about: What mechanism do you currently use for maintaining communications across requests? G How much additional development is needed to use that communication mechanism? Additional Resources Additional resources — The following reference provides additional information on the topics described in this module: This is called the session scope.

Each request and response message connection is independent of any others. Design multiple. Use a hidden HTML parameter to indicate which action is being performed at a given stage in the session.

Create one servlet Controller for every Use Case in your Web application. This Use Case can be broken down into three activities: This module presents a technique with three main design steps: If the servlet is unsuccessful at processing any of these forms.

The user starts at the main page index. To determine which activity to process. You can store. This API is represented in Figure This is a controversial topic.

At the end of the session. Any control method can access an attribute that has already been set by processing a previous request. A CAJ1. It will be discussed in more detail later in this section.

The servlet has access to the session object through the getSession method of the HttpServletRequest object. Web Application Development Using Session Management Retrieving the Session Object The session object is retrieved from the request object that is passed to the servlet by the Web container.

Note — Only one session object will be created for a given client within a single Web application. If the session object already exists. This has design implications that will be discussed later in this module. You can test whether the session object has just been created using the isNew method. The getSession method returns the current session associated with this request. Note — Line 88 uses an HttpServletResponse method that you have not seen yet.

Naming Session Attributes As noted earlier. If there were no errors. Attribute names should be considered carefully.

If that Use Case servlet uses the same name. It is often better to give a session attribute a more explicit name. Code The processSelectDivision Control Method public void processSelectDivision HttpServletRequest request.

Web Component Development With Java Technology

Code The generateThankYouResponse View Method public void generateThankYouResponse HttpServletRequest request. The session-timeout element is located just under the root web-app element and just after the servlet-mapping elements. An example session-timeout element is shown in Code The value of the session-timeout element must be a whole number that represents the number of minutes that a session can exist if the user has left the session inactive.

There are two other mechanisms for destroying a session. You can use the setMaxInactiveInterval method to change the inactive interval in seconds for the session object. The main issue is that the Web application might have several independent Use Cases that share the same session object.

The servlets handling these other Use Cases might lose data stored in the destroyed session. If you invalidate the session. The servlet must be designed to check that its attributes are null before starting the Use Case. It might be better to remove only the attributes used in the current Use Case.

This API is shown in Figure on page G G G Cookies are sent in a response from the Web server. All Cookies for that domain and path are sent in every request to that Web server. You can add Cookies to the response object using the addCookie method. This method returns an array of all Cookies for the server domain on the client machine.

In your servlet. Later when the visitor returns. The Web container could store the session ID on the client machine. You do not need to code anything special in your servlets to make use of this session strategy. If that happens. The Cookie mechanism is the default HttpSession strategy. When the registration servlet requests the session object. Code Encoding a URL out. The process of URL-rewriting can be tedious. A session can be invalidated and become unusable.

A session is shared among all servlets in a Web application. Calling isNew on the resulting session if you use getSession true. G Any servlet can request that a session be created. Session attributes should be given appropriate names to avoid ambiguity.

G A servlet should create a session using the getSession method on the request object to save the state between HTTP requests. A servlet can determine if a session already exists by: G G G Checking for a null return use getSession false.

A session can time out due to browser inactivity. Use the setAttribute method on the session object to store one or more name-object pairs. Use the invalidate method on the session object to destroy a session. Use the getAttribute method on the session object to retrieve an attribute. The following methods are useful for session management: G Use either of the getSession methods on the request object to access or create the session object.

You can also use the Web container to destroy the session using a timeout declared in the deployment descriptor. Given that URL-rewriting must be used for session management.

G Retrieve a session object across multiple requests to the same or different servlets within the same Web application Store objects into a session object Retrieve objects from a session object Respond to the event when a particular object is added to a session Respond to the event when a session is created and destroyed Expunge a session object G G G G G 5.

For objective 5.

G G Describe the types of errors that can occur in a Web application Declare an HTTP error page using the Web application deployment descriptor Declare a Java technology exception error page using the Web application deployment descriptor Develop an error handling servlet Write servlet code to capture a Java technology exception and forward it to an error handling servlet Write servlet code to log exceptions G G G G Copyright Sun Microsystems.

HTTP errors and servlet exceptions. The status codes in the — range are used to indicate some error. Table shows some examples. A servlet can throw a ServletException to indicate to the Web container that an exception has occurred. An example of a servlet that throws an ArithmeticException is show in Code All non-check exceptions thrown by the service method are caught by the Web container, which issues a servlet exception on behalf of the servlet itself.

An example generic servlet exception error page is shown in Figure Using Custom Error Pages The generic error pages provided by the Web browser for HTTP error codes and the Web container for servlet exceptions are often ugly and not very informative to the end user.

In this module, you will see how to create new error pages and how to activate these custom error pages. There are two ways to activate an error page within a Web application: Programmatic — Handle the Java technology exceptions directly in your servlet code, and forward the HTTP request to the error page of your choice.

Just like standard HTML pages, static error pages are located anywhere in the hierarchy of the Web application. Servlet-based error pages, however, can be given a URL mapping.

An example of this is illustrated in Figure The error-page element must include two subelements: Declaring Servlet Exception Error Pages You can also use a deployment descriptor to handle servlet exceptions. Also, you may use a superclass, like java. Exception, to capture a range of exceptions. The method declares that the method throws the ServletException in the javax.

Because this method is being overridden from the HttpServlet class, you cannot add new exceptions to the throws clause in the declaration. Therefore, every non-checked exception that can be thrown in the body of the servlet code must be caught in a try-catch block. When caught, the exception is wrapped in a new ServletException and then that exception is thrown out of the method. This is a common practice in servlet programming. Developing an Error Handling Servlet As mentioned earlier, the custom error page can be a static HTML page or a dynamic servlet that is called by the Web container to respond to an error.

In this section, you will see how to create an error handling servlet. Custom error pages that are implemented as servlets should override both the doGet and doPost methods. The Web container will activate the error page servlet with the same HTTP method activated the original servlet. If the response should be identical, then these methods can simply dispatch to a common method. If the servlet threw a ServletException.

Access to these request attributes is handled by the getAttribute method. The name of the Java technology exception class is shown in the banner of the page and the request URL is listed in the main body of the response page. This original exception is also called the root cause. G javax. That is. G The ExceptionDisplay servlet uses these two request attributes to dynamically create the display shown in Figure on page Developing an Error Handling Servlet Before the error page servlet is activated.

This code is shown in Code Programmatic exception handling is another technique. The request dispatcher object is retrieved from the servlet context using the getNamedDispatcher method Line To handle exceptions programmatically. In the catch clause. This code is shown in Code on page Programmatic exception handling only applies to Java technology exceptions thrown by servlets. You can also pass request attributes to the exception handling servlet Lines 30— In programmatic exception handling.

Programmatic Exception Handling Programmatic Exception Handling Declarative exception handling is powerful and easy to use. The user could try to activate the exception handler servlet by entering the URL directly into the Web browser. That name is used in the call to the getNamedDispatcher method see Line 29 in Code on page You do not need to specify a URL mapping for exception handling servlets.

Programmatic Exception Handling Exception Handling Servlet Declarations The exception handling servlet must be declared in the Web application deployment descriptor. When you create a URL mapping. All you need to do is add one or more error-page declarations to the deployment descriptor.

The disadvantages of declarative exception handling are: G You must create a URL mapping for every exception handling servlet. This exposes your exception handling servlets to the user. The user sees only one relatively generic error page for all SQL exceptions thrown across the whole Web application.

If you use declarative error handling. It is often too generic. The user might activate the servlet by entering the URL into the Web browser. When one servlet throws an SQLException for example.

Programmatic Exception Handling Trade-offs for Declarative Exception Handling The advantage of declarative exception handling is that it is easy to implement. The disadvantages of programmatic exception handling are: G It requires more code to implement.

The request dispatcher code in the catch clause is not much more code than in the declarative exception handling paradigm. To support programmatic exception handling.

It is often preferable to co-locate the exception handling code with the code that produces the exception. G It keeps the handler code close to the Controller. G It makes dealing with exceptions explicit.

This helps developers especially new developers maintaining older servlet code see clearly how a given exception is being handled. Note — A single Web application can use a combination of declarative and programmatic exception handling. In each catch block. As mentioned earlier. G The handler can be customized to the situation. Programmatic exception handling makes those details explicit. Declarative exception handling hides the error handling details from the servlet code. Programmatic exception handling allows the developer to customize the error page View that the user gets from each servlet.

Throwable methods. You can use either the log String or log String. This logging feature is built into the GenericServlet and ServletContext classes. Logging Exceptions Logging Exceptions Whenever a servlet throws an exception. You can use the error-page deployment descriptor element to declare error pages for both types. Summary Summary This module presented methods for handling errors in Web applications.

You must wrap checked exceptions in a ServletException object in your doXyz methods.

Developing Secure Java Web Services, Java EE 6

An error handling servlet has access to two request attributes javax. This is the important information to know about declarative and programmatic error handling: G There are two types of errors in a Web application: HTTP errors and Java technology exceptions. For programmatic error handling. Identify the method used for the following: Given a set of business logic exceptions. Relevance Relevance Discussion — The following questions are relevant to understanding why Web security is important: Addison-Wesley Longman.

Lincoln D. Why do you think that happened? G Stein.. Web Security.

D65271GC11_ag_windows.pdf - Unauthorized reproduction or...

It is impossible to have perfect security. Malicious or benign users. This module presents a few important security issues and discusses how the Web container can be used to enforce certain security measures. You can select one of four authentication techniques: This is usually done with a user name and password sometimes called a passphrase.

Authentication is used to identify the user. Web Security Issues Authorization Authorization is the process of partitioning Web resources based on user roles. Authentication and authorization are usually used together.

G Data can be corrupted during transmission. Maintaining data integrity guarantees content integrity. Data sent across the network is vulnerable in two ways: G Data can be observed or intercepted. Access Tracking Access tracking also called auditing is the process of keeping records of every access to your Web application.

Trojan horses. In Web applications. Internet service providers need to partition Web applications to prevent malicious code attacks across Web applications. Dealing With Web Attacks Web attacks are attempts to compromise a server by an outside individual or group. The form. The Soccer League administration Web resource collection is shown in Code Declarative Authorization Declarative Authorization To implement declarative authorization.

The web-resource-collection element includes two important subelements: An example Web resource collection is illustrated in Figure on page The web-resource-collection element is embedded in the security-constraint element.

The authconstraint element includes a role-name subelement. Line 53 will match any static page. In the Soccer League example. Security Realms A security realm is a software component for matching users to roles. Every Web container must include a security realm.

Web Component Development With Java Technology-SL314

There are many possible mechanisms: There is nothing that you. The Web browser then must prompt the user for a user name and password. The rest of the authorization process is the same as before. These are the key ideas: G There are six main security issues: Summary Summary This module presented Web application security issues and measures.

G G Describe why servlets need to be thread-safe Describe the attribute scope rules and the corresponding concurrency issues Describe the single thread model for servlets and the issues with this concurrency strategy Design a Web application for concurrency G G Copyright Sun Microsystems.

Additional Resources Additional Resources Additional resources — The following reference provides additional information on concurrency issues: G Arnold. David Holmes. James Gosling. Third Edition. By default. The servlet uses a FileWriter object that is referenced by the customerDataWriter instance variable.

The body of the doGet method is shown in Code on page This is shown in Lines 53—67 in Code on page It is shared across all simultaneous requests on that servlet. This is the critical code because the FileWriter object in the customerDataWriter attribute is a shared resource.

The solution to this problem is to wrap a synchronized block around the critical code in the doGet method. The Need for Servlet Concurrency Management Code 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 Servlet That Is Thread-Safe public void doGet HttpServletRequest request.

An example of a local variable is illustrated in Figure These attributes are thread-safe. The values of these attributes exist within the stack of the thread that is executing the service method. Attributes and Scope Local Variables Local variables are attributes that exist within the scope of the service method or methods called by the service method.

An example of an instance variable is illustrated in Figure These attributes are not thread-safe. If you want to use an instance variable to store a read-write value. An example of a class variable is illustrated in Figure It is best if these attributes are read-only that is.

Attributes and Scope Class Variables Class variables are attributes that exist statically within the servlet class. If you need a read-write attribute. A The best use for request scoped attributes is to pass data from the servlet Controller to the View. Attributes and Scope Request Scope Request scoped attributes exist within the ServletRequest object that is passed to the service method. These attributes are used to generate a dynamic presentation by the View.

The API for the request scope is illustrated in Figure These methods are inherited by the HttpServletRequest interface. A The best use for session scoped attributes is to store data that must be used across multiple requests. While it might appear that there are no concurrency issues with the session scope. A session may exist across multiple HTTP requests for a single client. It is possible for the user to launch multiple Web browsers and interact with the Web application by initiating multiple.

The API for the session scope is illustrated in Figure The object of that attribute should be designed to be thread-safe. The API for the application scope is illustrated in Figure Application attributes are accessible by any servlet throughout the whole Web application. JDBC platform connection pool or data source objects are resources that should be shared across all servlets. A The best use for application scoped attributes is to store shared resources across the whole Web application.

The SingleThreadModel interface is illustrated in Figure The section also discusses the limitations of this technique. You can use STM to signal to the Web container that the servlet class must be handled specially.

The Web container vendor does not have to follow any of these techniques. If more requests arrive than the size of the pool. G Queueing up all of the requests and passing them one at a time to a single servlet instance. Ultimately as a servlet developer. That servlet used an instance variable to hold a reference to a FileWriter object.

Consider the StoreCustomer servlet from the beginning of the module. You must still use a synchronized block to access static variables of the servlet class.

If this servlet implemented the STM interface. The use of instance variables in STM servlets is thread-safe. G For all of these reasons. The use of STM does not solve concurrency issues for session and application scope attributes. Recommended Approaches to Concurrency Management Recommended Approaches to Concurrency Management Here are a few suggestions to help manage concurrency issues within your servlets: G G Whenever possible. G Minimize the use of synchronized blocks and methods in your servlet class code.

Use resource classes that have been properly designed for thread-safety. Use the synchronized syntax to control concurrency issues when accessing or updating frequently changing attributes and when using common resources see Updating an Attribute in the Session Scope on page and Reading an Attribute in the Session Scope on page This can reduce the time that you wait for the resource.

Never synchronize the whole doGet or doPost method. Only local variables and request attributes are thread-safe. Minimize the use of synchronized blocks and methods in your servlet class code.

Use the synchronized syntax to control concurrency issues when accessing or changing thread-unsafe attributes. Do not use the SingleThreadModel interface. G Using shared resources and multiple. Summary Summary This module presented servlet concurrency management issues. John Crupi. Relevance Relevance Discussion — The following questions are relevant to understanding the design decisions for integrating the Web tier with the database tier: Have you ever developed an application that integrates with the database DB tier?

G Did you ever have to change the database design? How did that affect the various tiers in your application? G Alur. Prentice Hall PTR. Dan Malks.

Upper Saddle River. Core J2EE Patterns. In a relational database model. G Update some data in a table This operation allows you to modify the attributes of an entity or relationship.

G Create a row in a table This operation allows you to add a new object entity or relationship into the database. G Delete one or more rows in a table This operation allows you to remove one or more objects or relationships in the database. Tables are organized into rows and columns: A column represents a data attribute. G Retrieve one or more rows in a table This operation allows you to retrieve one or more objects and their relationships to other objects.

This module uses the relational model. Database entities represent objects in Java technology programs. Another concept that is fundamental to the relational database model is the idea that there should be a query language that allows the database to be managed. Database Overview Database Overview A database is a collection of logically related data.

A database is usually managed by a database management system DBMS. This solution can reduce the response time of each HTTP request. One approach is to create a connection for each HTTP request that is processed.

In this technique. When designing a Web application that uses a database. This solution can lead to problems with speed and scalability.

Another approach is to keep only a few connections that are shared among data access logic elements. A servlet would connect to the database. This is called Connection Pooling. There is also an association called Registration that holds the division that the player is registering for within the league. The Soccer League example includes two main domain objects: To design the Model elements of an application you should perform the following tasks: G G G Design the domain objects of your application Design the database tables that map to the domain objects Design the business services the Model to separate the database code into classes using the DAO pattern Domain Objects Domain objects represent the real-world business entities of your application.

This example domain model is shown in Figure This schemata is shown in Figure Each domain object has a corresponding DB table. A resolution table holds the registration data.

The Web tier interacts directly with the business services and the domain objects. This is illustrated in the Soccer League Web application in Figure on page The DAO pattern permits the business logic and the data access logic to change independently.

A-2 Distributed Identity Frameworks A-3 SAML C Schema Validation C Comparing Development Approaches C Strong Typing for Web Services C Debugging Web Service Interactions A-4 A. A-5 A. A-9 A. A A. A B. B-5 B. B-6 B. B-7 B. A-9 A. A A. A B. B-5 B. B-6 B. B-7 B. B-8 B. B-9 B. B-9 C. C-5 C. C C. C D. D-3 D. D-5 D.The model is invoked by the controller. These parameters are declared in the deployment descriptor. A Radio Buttons No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any.

You will also recall from the previous module that the model will be implemented using regular Java objects, the controller will be implemented as a servlet, and the view will be implemented using a JSP. The SingleThreadModel interface is illustrated in Figure So, if a controller servlet writes a data item into an attributed using the following code: JSP pages are a template-based Java technology for handling presentation logic.

MARCENE from Tulsa
I do like safely . See my other posts. I enjoy xingyiquan.