Header values in a HTTP message are used to specify general information about the message like Cache-Control, Date etc. or the data specific information like Content-Encoding, Length etc. HttpServletRequest provides the following methods for retrieving headers: long getDateHeader(String name) Returns the value of the specified request header as a long value that represents a Date object. String getHeader(String name) Returns the value of the specified request header as a String. Enumeration getHeaderNames() Returns an enumeration of all the header names this request contains. Enumeration getHeaders(String name) Returns all the values of the specified request header as an Enumeration of String objects. int getIntHeader(String name) Returns the value of the specified request header as an int. If there is no header by this name, then it returns "-1" and if the value cannot be converted to an int then it throws a NumberFormatException. ServletContext provides the following methods to access resources: URL getResource(String path) Returns a URL to the resource that is mapped to a specified path. InputStream getResourceAsStream(String path) Returns the resource located at the named path as an InputStream object. The path must begin with a "/" and is interpreted as relative to the current context root.

init() throws ServletException service() and doXXX() throw ServletException and IOException destroy() DOES NOT throw any exception. String[] getParameterValues(String name) Returns an array of String objects containing all of the values the given request parameter has, or null if the parameter does not exist. String getParameter(String name) Returns the value of a request parameter as a String, or null if the parameter does not exist. If the parameter has multiple values, the first value is returned. Map getParameterMap() Returns a java.util.Map of the parameters (mapped to String[] of values) of this request. Enumeration getParameterNames() Returns an Enumeration of String objects containing the names of the parameters contained in this request. Signature of all the doXxx() methods are same. They are protected, return void, and throw IOException and ServletException ServletContext (for application scope), HttpSession (for session scope) and ServletRequest(for request scope) have the following three methods to get and set attribute: Enumeration getAttributeNames() Returns an Enumeration containing the names of the attributes available.

res.isCommitted() to check whether the response is committed or not. And then call res.sendError() if the response is not committed A servlet can add a cookie only to the HttpServletResponse object (not to a request). HttpServletResponse has only one method to add a cookie: void addCookie(Cookie cookie) ServletInputStream (for binary file) or the Reader (for text file) from the request.

###########################

Only one instance of the filter class is instantiated per declaration in web.xml the caller resource cannot generate any output after the call to forward(). An error handler servlet should have access to 4 attributes: javax.servlet.error.status_code , javax.servlet.error.exception, javax.servlet.error.servlet_name, and javax.servlet.error.request_uri. So, if you are forwarding the request to an error handling servlet manualy using RequestDispatcher, you should set the above attributes in the request before forwarding the request to the servlet.

You should do JNDI lookups to acquire resources such as a JMS queue in servlet's init() method.

in the case of forward(), the caller is not allowed to write anything to the response after forwarding the request. The filter class must implement 3 methods. init(FilterConfig), doFilter(ServletRequest, ServletResponse, FilterChain), and destroy() . These methods are declared in javax.servlet.Filter interface. if you write to the response after calling sendError() then the data is ignored and no exception is thrown ServletContextEvent object. It has only one methodgetServetContext() Catch the exception, wrap it into ServletException and define the 'business exception to error-page' mapping in web.xml The method HttpServletRequest.getHeader() returns a String containing the complete value of the header in the String. The method HttpServletRequest.getHeaders() returns an Enumeration in which each comma separated value can be retrieved using Enumeration.nextElement().

The following is the sequence of things that happen when you invalidate a session: 1. Container calls sessionDestroyed() on all HttpSessionListeners configured in web.xml (in the order they are declared in web.xml). Notice that although the method name is sessionDestroyed, the session is not destroyed yet . It is about to be destroyed. 2. The container destroys the session. 3. The container calls valueUnbound() on all the session attributes that implement HttpSessionBindingListner interface. contextpath, requestpath (or servlet path), and pathinfo, all start with a /.

Request URL = protocol://host:port + contextpath + requestpath + pathinfo Request Path is the path that maps to the of the <servlet-mapping>. doXXX methods cannot throw exceptions other than: . runtime exceptions or errors . ServletExceptions or subclasses thereof . IOExceptions or subclasses thereof a url-pattern always starts with a / except when it is an extension mapping You cannot start an extension mapping with a /. extension mapping is considered ONLY if there is no path matching <jsp-config> <jsp-property-group> *.jsp <el-ignored>false <jsp-property-group> *.jsp <scripting-invalid>false A web application may access any resource in the WAR files or in any of the jar files in the lib directory using getResource A web application cannot override the web container implementation classes ###########################

The valueBound() method is called BEFORE the object becomes accessible through HttpSession.getAttribute() The valueUnbound() method is called AFTER the object is removed from the HttpSession When the sendError() method is called, the response is assumed to be committed. As per the API of the sendError() method, if you write to the response after calling sendError() then the data is ignored and no exception is thrown A new javax.servlet.ServletRequestListener has been added in the API for this purpose. It is configured in web.xml. regarding the getResource() method of ServletContext If a jsp file is retrieved, the jsp code contained will be returned as it is. If you want to print the stack trace of the exception in the resulting HTML page, you must catch the exception and print the stack trace using the Throwable.printStackTrace(PrintWriter pw) method. ServletException provides the getRootCause() method that returns the wrapped exception. It's return type is Throwable, so you have to cast it to appropriate business exception type. void sendError(int sc) Sends an error response to the client using the specified status code and clearing the buffer.

void sendError(int sc, String msg) Sends an error response to the client using the specified status code and descriptive message. void setStatus(int sc) Sets the status code for this response. void setStatus(int sc, String sm) Deprecated. A call to forward() clears the output buffer before the target resource is invoked The execution control returns to the resource that has called the RequestDispatcher.forward() method after the callee resource finishes processing include() allows but forward() doesn't include() allows but forward() doesn't allow the caller resource to generate any amount of output because if any output is sent to the client, forward() throws an IllegalStateException. GenericServlet class and ServletContext interface, provide methods log(String msg) and log(String, Throwable) that write the information to a log file. Only difference is that the GenericServlet version also prepends the servlet name to the message.

########################### <security-role-ref> boss

manager public java.security.Principal getUserPrincipal() Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null declarative security model does not apply in case of include and forward actions. Thus, an unprotected resource can have a call to a protected resource without having the user to log in.

###########################

you are dynamically including page b.jsp in a.jsp (<jsp:include page='b.jsp' /> ). Now, a page scoped bean in a.jsp will not be accessible in b.jsp when the request is transfered to b.jsp. While a request scoped bean in a.jsp will be accessible in b.jsp too. Note, page scoped bean will be acessible in b.jsp if it is a static include ( <%@include file='b.jsp' /> ) in a.jsp because b.jsp becomes a part of the translation unit. the useBean tag is inside a block, the variable sb will be declared inside the block and thus will not be accessible outside it. So the line <%=sb%> will give: Undefined variable: sb The only requirement for a class to be used as a bean in a JSP page is that the class should have a public no-args constructor otherwise java.lang.InstantiationException.

<jsp:setProperty name="user" property="*" /> This sets all the parameters of the request in user bean. Of course, parameter names in the request must match property names of the bean. If the Bean is not already instantiated then the container looks for class or beanName attribute to instantiate an object and then if type is present, it casts the object to the type. Only and at least one of these four combinations must be there in a useBaen tag: a. class b. type c. class and type d. beanName and type The following element sets a property from a value <jsp:setProperty name="results" property="subjectX" value="<%=i+1%>"/>

###########################

The following prefix values are reserved and hence cant be used in taglib prefixes: jsp, jspx, java, javax, sun, servlet, and sunw. A feature of the 'out' tag is that it performs XML characterentity encoding for <, >, &, ", and ' automatically (by default). This means that a < will be automatically encoded to < and a > will be encoded to > and so on. In this case, however, we do not want this feature because we want to write

and

in the

output. Therefore, we need to supress this feature by specifying escapeXml='false'. <%=dept.getName()%> is invalid here:
<%=dept.getName()%> begin: end: step: If you include the var attribute, the text is not included automatically. It is included only where you use the variable. For example: <- test2.jsp will be included here. Since the body content of the tag is tagdependent, the body of the tag will not be processed by the JSP engine. It must be processed by the tag itself. You cannot embed one tag inside another tag's attribute list. (Although you can nest one tag inside another). ###########################

To use scriptlets in a tag's body, its body-content must be JSP. Now, the body of a Simple Tag is translated into a JSP fragment and since JSP fragments do not support scriptlets, the of a SimpleTag cannot be JSP. A TLD is invalid if it specifies JSP as the value for for a tag whose handler implements the SimpleTag interface. Only the following directives are valid for tag files: taglib, include, tag, attribute, variable. If we extend BodyTagSupport, then we use BodyTagSupport.getPreviousOut() to get the enclosing JspWriter

###########################

"Workflow" and "dispatch requests to the appropriate JSP pages" are typical uses of Front Controller pattern. It is also called as Front Component. The is an empty element. It's presence itself signifies that the application may be distribtued. tagext package is a part of javax.servlet.jsp package and not of javax.servlet.http package. The default implementation of HttpServlet class's doHead() method calls the doGet() method. "Accept" header contains strings like "image/gif", which cannot be parsed into a data.

###########################

request scoped beans are stored in ServletRequest. javax.servlet.jsp.JspPage Extends javax.servlet.Servlet and declares jspInit() and jspDestroy(). javax.servlet.jsp.HttpJspPage This interface extends JspPage and adds _jspService() method. If the <scripting-invalid> is specified as true, then a jsp file must not contain any scripting elements otherwise the file is not even translated to the corresponding servlet. If header has multiple values, only the first value is contained in ‘header’ implicit object. javax.servlet.Servlet <- javax.servlet.jsp.JspPage <javax.servlet.jsp.HttpJspPage <- MyJSP Any page directive except import can only occur only once