Académique Documents
Professionnel Documents
Culture Documents
CASE 3:- Send the 2st request to HelloServlet:1. Container collects the url pattern of the incoming request and checks whether the
corresponding servlet is initialized or not.
2. If Servlet is initialized then Container picked one Thread from pool and
handovers the remaining request processing.
3. Thread starts request the processing by doing the following tasks.
A. ServletRequest object will be created and will be initialize with the data
coming from the client along with HttpRequest.
B. ServletResponse object will be created and will be initialized with
Response Stream
C. Service method will be invoked by passing ServletRequest and
ServletResponse as parameter.
D. Once service method execution is completed then Response Stream will
be flushed to the client over the network and destroy the Request and
Response object.
E. Once the Response is delivered to the client then thread will be returned
to the pool.
CASE 4:- Send the 1st request to HaiServlet:1) Container collects the url pattern of the incoming request and checks whether
the corresponding servlet is initialized or not.
2) If Servlet is not initialized then container initializes the servlet by doing the
following tasks.
A) Container loads the Servlet class into main memory.
B) Container creates the instance of the Servlet by invoking default
constructors.
C) Container creates ServletConfig object and initialized with config object
with the config parameters specified in the web.xml
D) Container associates the ServletContext object with the Servlet config
object.
E) Container invokes the init() method by passing ServletConfig object as
parameter to initialized the servlet instance with required resources.
3) If servlet is all ready initialized then container picked the thread from pool
and handover the request processing.
4) Thread starts request processing by doing the following tasks.
A. ServletRequest object will be created and will be initialize with the data
coming from the client along with HttpRequest.
B. ServletResponse object will be created and will be initialized with
Response Stream
C. Service method will be invoked by passing ServletRequest and
ServletResponse as parameter.
D. Once service method execution is completed then Response Stream will
be flushed to the client over the network and destroy the Request and
Response object.
E. Once the Response is delivered to the client then thread will be returned
to the pool.
Case 5: Send the 2nd request to HaiSerlvet
1. Container collects the url pattern of the incoming request and checks
whether the corresponding servlet is initialized or not.
2. If Servlet is initialized then Container picked one Thread from pool and
handovers the remaining request processing.
3. Thread starts request the processing by doing the following tasks.
A. ServletRequest object will be created and will be initialize with the data
coming from the client along with HttpRequest.
B. ServletResponse object will be created and will be initialized with
Response Stream
C. Service method will be invoked by passing ServletRequest and
ServletResponse as parameter.
D. Once service method execution is completed then Response Stream will
be flushed to the client over the network and destroy the Request and
Response object.
E. Once the Response is delivered to the client then thread will be returned
to the pool.
Case 6) Shut down the server.
At container shutdown time , following tasks will happened.
1) Thread pool will be destroyed.
2) All the Servlets will be destroyed one by one. When Container is destroying
one Servlet instance it invokes the destroy method on the servlet instance.
3) All the filters will be destroyed, when container is destroying one filter
instance it invokes destroy method on that filter instance.
4) All the Listener will be destroy.
5) If any season object is running in the Container those also will be
destroyed.
Question: What is a Servlet?
Answer: Java Servlets are server side components that provides a powerful mechanism for developing
server side of web application. Earlier CGI was developed to provide server side capabilities to the
web applications. Although CGI played a major role in the explosion of the Internet, its performance,
scalability and reusability issues make it less than optimal solutions. Java Servlets changes all that.
Built from ground up using Sun's write once run anywhere technology java servlets provide excellent
framework for server side processing.
Question: What are the types of Servlet?
Answer: There are two types of servlets, GenericServlet and HttpServlet. GenericServlet defines the
generic or protocol independent servlet. HttpServlet is subclass of GenericServlet and provides some
http specific functionality linke doGet and doPost methods.
Question: What are the differences between HttpServlet and Generic Servlets?
Answer: HttpServlet Provides an abstract class to be subclassed to create an HTTP servlet suitable for
a Web site. A subclass of HttpServlet must override at least one method, usually one of these:
There's almost no reason to override the service method. service handles standard HTTP requests by
dispatching them to the handler methods for each HTTP request type (the doXXX methods listed
above). Likewise, there's almost no reason to override the doOptions and doTrace methods.
GenericServlet defines a generic, protocol-independent servlet. To write an HTTP servlet for use on
the Web, extend HttpServlet instead.
GenericServlet implements the Servlet and ServletConfig interfaces. GenericServlet may be directly
extended by a servlet, although it's more common to extend a protocol-specific subclass such
as HttpServlet.
GenericServlet makes writing servlets easier. It provides simple versions of the lifecycle methods
init and destroy and of the methods in the ServletConfig interface. GenericServlet also implements
the log method, declared in the ServletContext interface.
To write a generic servlet, you need only override the abstract service method.
Question: Differentiate between Servlet and Applet.
Answer: Servlets are server side components that executes on the server whereas applets are client
side components and executes on the web browser. Applets have GUI interface but there is not GUI
interface in case of Servlets.
Question: Differentiate between doGet and doPost method?
Answer: doGet is used when there is are requirement of sending data appended to a query string in
the URL. The doGet models the GET method of Http and it is used to retrieve the info on the client
from some server as a request to it. The doGet cannot be used to send too much info appended as a
query stream. GET puts the form values into the URL string. GET is limited to about 256 characters
(usually a browser limitation) and creates really ugly URLs.
POST allows you to have extremely dense forms and pass that to the server without clutter or
limitation in size. e.g. you obviously can't send a file from the client to the server via GET. POST has
no limit on the amount of data you can send and because the data does not show up on the URL you
can send passwords. But this does not mean that POST is truly secure. For real security you have to
look into encryption which is an entirely different topic.
Question: What are methods of HttpServlet?
Answer: The methods of HttpServlet class are :
* doGet() is used to handle the GET, conditional GET, and HEAD requests
* doPost() is used to handle POST requests
* doPut() is used to handle PUT requests
* doDelete() is used to handle DELETE requests
* doOptions() is used to handle the OPTIONS requests and
* doTrace() is used to handle the TRACE requests
Web-inf
web.xml
classes
servlet classes
lib
jar files
Question: What is ServletContext?
Answer: ServletContext is an Interface that defines a set of methods that a servlet uses to
communicate with its servlet container, for example, to get the MIME type of a file, dispatch requests,
or write to a log file. There is one context per "web application" per Java Virtual Machine. (A "web
application" is a collection of servlets and content installed under a specific subset of the server's URL
namespace such as /catalog and possibly installed via a .war file.)
Question: What is meant by Pre-initialization of Servlet?
Answer: When servlet container is loaded, all the servlets defined in the web.xml file does not
initialized by default. But the container receives the request it loads the servlet. But in some cases if
you want your servlet to be initialized when context is loaded, you have to use a concept called preinitialization of Servlet. In case of Pre-initialization, the servlet is loaded when context is loaded. You
can specify <load-on-startup>1</load-on-startup>
in between the <servlet></servlet> tag.
Question: What mechanisms are used by a Servlet Container to maintain session information?
Answer: Servlet Container uses Cookies, URL rewriting, and HTTPS protocol information to
maintain the session.
Question: What do you understand by servlet mapping?
Answer: Servlet mapping defines an association between a URL pattern and a servlet. You can use one
servlet to process a number of url pattern (request pattern). For example in case of Struts *.do url
patterns are processed by Struts Controller Servlet.
Question: What must be implemented by all Servlets?
Answer: The Servlet Interface must be implemented by all servlets.
Question: What are the differences between Servlet and Applet?
Answer: Servlets are server side components that runs on the Servlet container. Applets are client side
components and runs on the web browsers. Servlets have no GUI interface.
Question: What are the uses of Servlets?
Answer: * Servlets are used to process the client request.
* A Servlet can handle multiple request concurrently and be used to develop high performance
system
* A Servlet can be used to load balance among serveral servers, as Servlet can easily forward
request.
Question: What are the objects that are received when a servlets accepts call from client?
Answer: The objects are ServeltRequest and ServletResponse . The ServeltRequest encapsulates the
communication from the client to the
server. While ServletResponse encapsulates the communication from the Servlet back to the client.
Question: What is a Session?
Answer: A Session refers to all the request that a single client makes to a server. A session is specific to
the user and for each user a new session is created to track all the request from that user. Every user
has a separate session and separate session variable is associated with that session. In case of web
applications the default time-out value for session variable is 20 minutes, which can be changed as per
the requirement.
Question: What is Session ID?
Answer: A session ID is an unique identification string usually a long, random and alpha-numeric
string, that is transmitted between the client and the server. Session IDs are usually stored in the
cookies, URLs (in case url rewriting) and hidden fields of Web pages.
Question: What is Session Tracking?
Answer: HTTP is stateless protocol and it does not maintain the client state. But there exist a
mechanism called "Session Tracking" which helps the servers to maintain the state to track the series
of requests from the same user across some period of time.
Question: What are different types of Session Tracking?
Answer: Mechanism for Session Tracking are:
a) Cookies
b) URL rewriting
c) Hidden form fields
d) SSL Sessions
Question: What is HTTPSession Class?
Answer: HttpSession Class provides a way to identify a user across across multiple request. The
servlet container uses HttpSession interface to create a session between an HTTP client and an HTTP
server. The session lives only for a specified time period, across more than one connection or page
request from the user.
Question: Why do u use Session Tracking in HttpServlet?
Answer: In HttpServlet you can use Session Tracking to track the user state. Session is required if you
are developing shopping cart application or in any e-commerce application.
Question: What are the advantage of Cookies over URL rewriting?
Answer: Sessions tracking using Cookies are more secure and fast. Session tracking using Cookies can
also be used with other mechanism of Session Tracking like url rewriting.
Cookies are stored at client side so some clients may disable cookies so we may not sure that the
cookies may work or not.
In url rewriting requites large data transfer from and to the server. So, it leads to network traffic and
access may be become slow.
Question: What is session hijacking?
Answer: If you application is not very secure then it is possible to get the access of system after
acquiring or generating the authentication information. Session hijacking refers to the act of taking
control of a user session after successfully obtaining or generating an authentication session ID. It
involves an attacker using captured, brute forced or reverse-engineered session IDs to get a control of
a legitimate user's Web application session while that session is still in progress.
Question: What is Session Migration?
Answer: Session Migration is a mechanism of moving the session from one server to another in case of
server failure. Session Migration can be implemented by:
a) Persisting the session into database
b) Storing the session in-memory on multiple servers.
happen when the servlet engine itself is started, or later when a client request is actually
delegated to the servlet.
Servlet instantiation : After loading, it instantiates one or more object instances of the servlet
class to service the client requests.
Initialization (call the init method) : After instantiation, the container initializes a servlet before
it is ready to handle client requests. The container initializes the servlet by invoking its init()
method, passing an object implementing the ServletConfig interface. In the init() method, the
servlet can read configuration parameters from the deployment descriptor or perform any
other one-time activities, so the init() method is invoked once and only once by the servlet
container.
Request handling (call the service method) : After the servlet is initialized, the container may
keep it ready for handling client requests. When client requests arrive, they are delegated to
the servlet through the service() method, passing the request and response objects as
parameters. In the case of HTTP requests, the request and response objects are
implementations of HttpServletRequest and HttpServletResponse respectively. In the
HttpServlet class, the service() method invokes a different handler method for each type of
HTTP request, doGet() method for GET requests, doPost() method for POST requests, and so
on.
Removal from service (call the destroy method) : A servlet container may decide to remove a
servlet from service for various reasons, such as to conserve memory resources. To do this, the
servlet container calls the destroy() method on the servlet. Once the destroy() method has been
called, the servlet may not service any more client requests. Now the servlet instance is eligible
for garbage collection
The life cycle of a servlet is controlled by the container in which the servlet has been deployed.
Note: Most Servlets, however, extend one of the standard implementations of that interface,
namely javax.servlet.GenericServlet and javax.servlet.http.HttpServlet.
10.What is the GenericServlet class?
GenericServlet is an abstract class that implements the Servlet interface and the ServletConfig
interface. In addition to the methods declared in these two interfaces, this class also provides simple
versions of the lifecycle methods init and destroy, and implements the log method declared in the
ServletContext interface.
Note: This class is known as generic servlet, since it is not specific to any protocol.
11.What's the difference between GenericServlet and HttpServlet?
GenericServlet
HttpServlet
The GenericServlet does not include protocolspecific methods for handling request
parameters, cookies, sessions and setting
response headers.
doGet()
In doGet() the parameters are appended to the
URL and sent along with header information.
doPost()
In doPost(), on the other hand will (typically) send
the information through a socket back to the
webserver and it won't show up in the URL bar.
You can send much more information to the
server this way - and it's not restricted to textual
data either. It is possible to send files and even
binary data such as serialized Java objects!
doGet() is a request for information; it does not doPost() provides information (such as placing an
3 (or should not) change anything on the server.
order for merchandise) that the server is expected
(doGet() should be idempotent)
to remember
4 Parameters are not encrypted
8 It allows bookmarks.
It disallows bookmarks.
ServletContext
object are specified in the <init-param> within object are specified in the <context-param>
the <servlet> tags in the web.xml file
tags in the web.xml file.
sendRedirect()
A redirect is a two step process, where the web
application instructs the browser to fetch a
second URL, which differs from the original.
The browser is completely unaware that it has The browser, in this case, is doing the work
taken place, so its original URL remains intact. and knows that it's making a new request.
Any browser reload of the resulting page will
simple repeat the original request, with the
original URL
ServletContext.getRequestDispatcher(String
path)
The getRequestDispatcher(String
path) method
ofjavax.servlet.ServletContext interface
cannot accept relative paths. All path must
Typical example: Putting things one at a time into a shopping cart, then checking out--each page
request must somehow be associated with previous requests.
33.What are the types of Session Tracking ?
Sessions need to work with all web browsers and take into account the users security preferences.
Therefore there are a variety of ways to send and receive the identifier:
URL rewriting : URL rewriting is a method of session tracking in which some extra data
(session ID) is appended at the end of each URL. This extra data identifies the session. The
server can associate this session identifier with the data it has stored about that session. This
method is used with browsers that do not support cookies or where the user has disabled the
cookies.
Hidden Form Fields : Similar to URL rewriting. The server embeds new hidden fields in every
dynamically generated form page for the client. When the client submits the form to the server
the hidden fields identify the client.
Cookies : Cookie is a small amount of information sent by a servlet to a Web browser. Saved by
the browser, and later sent back to the server in subsequent requests. A cookie has a name, a
single value, and optional attributes. A cookie's value can uniquely identify a client.
Secure Socket Layer (SSL) Sessions : Web browsers that support Secure Socket Layer
communication can use SSL's support via HTTPS for generating a unique session key as part
of the encrypted conversation.
Cookies are controlled by programming a low-level API, which is more difficult to implement
than some other approaches.
All data for a session are kept on the client. Corruption, expiration or purging of cookie files
can all result in incomplete, inconsistent, or missing information.
Cookies may not be available for many reasons: the user may have disabled them, the browser
version may not support them, the browser may be behind a firewall that filters cookies, and so
on. Servlets and JSP pages that rely exclusively on cookies for client-side session state will not
operate properly for all clients. Using cookies, and then switching to an alternate client-side
session state strategy in cases where cookies aren't available, complicates development and
maintenance.
Browser instances share cookies, so users cannot have multiple simultaneous sessions.
Cookie-based solutions work only for HTTP clients. This is because cookies are a feature of the
HTTP protocol. Notice that the while package javax.servlet.http supports session management
(via classHttpSession), package javax.servlet has no such support.
DisAdvantages
Every URL on a page which needs the session information must be rewritten each time a page
is served. Not only is this expensive computationally, but it can greatly increase communication
overhead.
URL rewriting limits the client's interaction with the server to HTTP GETs, which can result in
awkward restrictions on the page.
URL rewriting does not work well with JSP technology.
If a client workstation crashes, all of the URLs (and therefore all of the data for that session)
are lost.
<session-config>
<session-timeout>10</session-timeout>
</session-config>
This will set the time for session timeout to be ten minutes.
Setting timeout programmatically: This will set the timeout for a specific session. The syntax
for setting the timeout programmatically is as follows:
public void setMaxInactiveInterval(int interval)
The setMaxInactiveInterval() method sets the maximum time in seconds before a session
becomes invalid.
Note :Setting the inactive period as negative(-1), makes the container stop tracking session, i.e,
session never expires.
Response compression
Filters are configured in the deployment descriptor of a Web application. Hence, a user is not required
to recompile anything to change the input or output of the Web application.
44.What are the functions of an intercepting filter?
The functions of an intercepting filter are as follows:
It intercepts the request from a client before it reaches the servlet and modifies the request if
required.
It intercepts the response from the servlet back to the client and modifies the request if
required.
There can be many filters forming a chain, in which case the output of one filter becomes an
input to the next filter. Hence, various modifications can be performed on a single request and
response.
Listener: when your web application is running in the web container, following tasks
will be done by the web container and developer.
Listener Name
Event
Tasks
1)ServletContextListener ServletContextEvent
2)HttpSessionListener
HttpSessionEvent
3)ServletRequestListener
4)ServletContextAttributeListener
5) HttpSessionAttributeListener
6) ServletRequestAttributeListener
7)HttpSessionActivationListener
8)HttpSessionBindingListener
ServletRequestAttributeEvent
HttpSessionEvent
HttpSessionBindingEvent
No Taks
Container Tasks
1)creates the ServletContext object
ServletContext sctx=new ServletContextImpl();
2)gets the context parameters from web.xml and stores in ServletContext object.
3)create ServletContextEvent