Errata for Head First Servlets and JSP

Print Submit your own errata for this product.

y y

Confirmed Errata Unconfirmed Errata

The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected". The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question

Version Location Printed Page 30 instead of "ISO-8851-1" it should be Deploym "ISO-8859-1" ent descriptor Note from the Author or Editor: Correct. Page 122 last line InputStream input = request.getInputStream(); but in the java doc is : getInputStream() returns ServletInputStream Note from the Author or Editor: While the book is technically correct because the ServletInputStream is a subclass of InputStream, it would be best to use the more specific class in the text. So please change the last line of code to:

Submitted By Anonymous

Date Submitted Jul 09, 2008

Date Corrected Mar 01, 2011

Printed

Anonymous

Oct 03, 2010

Mar 01, 2011

ServletInputStream input = getInputStream(); Printed Page 123 It says: "possible to create a servlet that First proceses a..." It should says "processes" paragraph instead. 5th line Note from the Author or Editor: Change "process" to "handles" like this: It is also possible to create a servlet that handles a... Page 186 Attributes are not Parameter s - 4th row 3rd column Replace the existing text in the 4th/3rd cell with: ServletContext.getInitParameter(String name) ServletConfig.getInitParameter(String name) ServletRequest.getParameter(String name) Also, for consistency replace the existing text in the 4th/2nd cell with: ServletContext.getAttribute(String name) HttpSession.getAttribute(String name) ServletRequest.getAttribute(String name) German GonzalezMorris Jan 13, 2010 Mar 01, 2011

Printed

Anonymous

Jul 01, 2008

Printed

Page 186

Attributes are not Parameters - 4th row Anonymous 3rd column; Method to get should mention getParameter(String name) for getting request parameters. It has mentioned only getInitParameter(String name) which is applicable only for getting context and servlet init params. Replaced the existing text in the 4th/3rd cell with: ServletContext.getInitParameter(String name) ServletConfig.getInitParameter(String name) ServletRequest.getParameter(String name) Also, for consistency replaced the existing text in the 4th/2nd cell with: ServletContext.getAttribute(String name) HttpSession.getAttribute(String name) ServletRequest.getAttribute(String

Jul 01, 2008

name) ------------------------------------------------------------------Printed Page 217 Answer to Question 1 Page 217 Answer to Question 1. Page 217 Answer to Question 1 Answer states B and C are correct when associated comment (correctly) states (only) answer B is correct. Note from the Author or Editor: Uncheck C Answer states B and C are correct when Anonymous associated comment (correctly) states (only) answer B is correct. Unchecked C ------------------------------------------------------------------There is already an errata for this, saying: Answer states B and C are correct when associated comment (correctly) states (only) answer B is correct. Note from the Author or Editor: Uncheck C -- For reference: B is "flush" and C is "write". By experimenting with Tomcat 5.5.28 on Windows XP Pro SP3 I discovered, that write() can also cause the error: java.lang.IllegalStateException: Cannot forward after response has been committed And print() too. It is so, that after a certain amount of data (getBufferSize() ? ) is put either by write() or print(ln)(), the buffer goes to commited state (isCommitted()==true), even if flush() is not called. So the correct answer is B and C. (and if print(ln) were listed too, that would be a correct answer too). Note from the Author or Editor: Already fixed in the 2nd Edition. Printed Page 221 Answer to Question 11 The explanation says A and B are wrong, as the order is determined by the DD. But that fact is never mentioned before the mock exam. OK, you learn it the "hard" way, but it still gives a weird David Bala ic Aug 21, 2009 David Bala ic Aug 21, 2009 Jul 01, 2008 Anonymous Jul 01, 2008

Printed

Printed

Jul 01, 2008

impression. Was this on purpose? Note from the Author or Editor: We never intend to create questions that depended knowledge external to the book's content. If this content did not make it into the book, please accept my apologies. A fix for the lack of content must wait until the next edition. Printed Page 222 Question 15, Answer C Answer C implies that if I use a Anonymous ServletRequest and ServletContext obtain a RequestDispatcher for a resource, then the path to the resource will be different (i.e. will change). This is not correct if the argument to both getRequestDispatcher calls begins with a forward slash, which means relative to the context root in both cases. It is correct to say the paths can be different, but it is not a mandatory condition. Note from the Author or Editor: Change option C text from "to will change" to "to may change" Printed Page 222 Question 15, Answer C Answer C implies that if I use a Anonymous ServletRequest and ServletContext obtain a RequestDispatcher for a resource, then the path to the resource will be different (i.e. will change). This is not correct if the argument to both getRequestDispatcher calls begins with a forward slash, which means relative to the context root in both cases. It is correct to say the paths can be different, but it is not a mandatory condition. Changed option C text from "to will change" to "to may change" -----------------------------------------------------------------HFSJ 2nd Edition Third Indian Reprint Kamal 2008 I downloaded the Servlet 2.4 api's. Tripathi Navigate to ServletContext, it doesn't list getContextPath() as one of the methods for ServletContext. So getContextPath Feb 19, 2009 Jul 01, 2008 Jul 01, 2008

Printed

Page 222 Question 14 Answer for

Oct 01, 2009

ServletCo should not be listed against ntext ServletContext. Note from the Author or Editor: VALID Remove "getContextPath" from the center cell of this grid. Printed Page 222 answer to question 14, written "note" Page 239 last question "At this point this shouldn't really about Michael memorization..." should be "At this point Angstadt this shouldn't really be about memorization..." Note from the Author or Editor: Correct The answer to question "Is URL David rewriting handled in a vendor-specif c Bala ic way?" claims, that the use of ; as a separator is not mandated and that the presence of the "jsessionid=" is optional. This appear to contradict the servlet spec v2.4 chapter 7.1.3. There is says, I quote: The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. (end quote) Path parameters in URL's are encoded by ";" followed by parameter. So there is not much choice left, besides <classicURL>;jsessionid=<the_id> On the other hand, the URL/URI RFCs (1738, 2396, 3986) are bit hard to read and one can't be sure if the ";pname=pvalue" parameter format is actual defined standard or not. Regards, David Note from the Author or Editor: Remove the fourth line "And while Tomcat adds..." from the last paragraph on pg 239. Printed Page 240 "Bang" box, 2nd written "note" "Don't do this! It's supposed to be a header!" should be "Don't do this! It's supposed to be a cookie!" Note from the Author or Editor: Michael Angstadt Jan 17, 2010 Mar 01, 2011 Aug 31, 2009 Mar 01, 2011 Jan 17, 2010 Mar 01, 2011

Printed

Correct PDF Page 249 2nd Answer's Result (Last paragraph ) of Chapter 6 IllegalStateException is thrown before it reach the isNew() method on session. Since session.setMaxInactiveInterval(0) will cause the session invalidated immediately, the next line of code session.getAttribute("foo") method will throw IllegalStateException before it reach session.isNew() method. Note from the Author or Editor: VALID Remove the line of code that reads "String foo = (String) session.getAttribute("foo"); On pg 249: also remove that line PDF Page 255 The last line of the page is incomplet e, seems incomplet e, like this 'The se' The last line in my PDF version of this book is 'chance to get themselves ready for access. The se' I check the next page (pg.256), there's no continuation for the last line in pg. 255, so it seems to me, that there's incomplete sentence in the last line of pg. 255. Thank you in advance for checking and correcting this small typo (or formatting issue ?). Note from the Author or Editor: Drop the last sentence fragment: "The se" Printed Page 256 Bang box titled "You do NOT configure session binding listeners in the DD! Page 256 Bang box titled "You do Change the title to "You do NOT configure ALL session listeners in the DD!" Change the "HttpSessionActivationListener" to "HttpSessionAttributeListener" in the text. Anonymous Jul 01, 2008 Anonymous Mar 16, 2009 Oct 01, 2009 Lee Kian Giap Dec 31, 2008 Oct 01, 2009

Printed

Changed the title to "You do NOT configure ALL session listeners in the DD!" Changed the "HttpSessionActivationListener" to

Anonymous

Jul 01, 2008

NOT configure session binding listeners in the DD! PDF Page 261 BeerSessi onCounte r class example

"HttpSessionAttributeListener" in the text. -------------------------------------------------------------------

This class, as written, isn't thread safe. So, the question is whether or not it should be thread safe or whether the container provides the guarantee that listeners aren't called concurrently. Seems like the example/text needs to be augmented either way. Note from the Author or Editor: Correct. Add the keyword 'synchronized' to both methods; like this: public synchronized void sessionCreated(... public synchronized void sessionDestroyed(...

Anonymous

Feb 22, 2010

Mar 01, 2011

Printed

Page 264 seond row, last column (HttpSess ionActiva tionListen er -> Usually implemen ted by Page 265 Bottom "handwrit ten" note

The book says that Anonymous HttpSessionActivationListener is "usually implemented by" both "An attribute class" and "Some other class". IMHO the latter answer is wrong. The listener must not be registered in the DD - only attribute value classes get notified. Note from the Author or Editor: I agree. O'Reilly: Remove the "cross icon" on the "Some other class" box in the second row / last column. "It returns the old value, not the new Anonymous one." I can't find any definite statement in the spec regarding the result of HttpSessionBindingEvent.getValue() for each of the events. But I tested on Tomcat 5.5.27, Tomcat 6.0.18 and Glassfish V2 UR2 Final Build. The result are consistent for these containers and the statement "returns the old value" is mostly WRONG: attributeAdded(): value is new value (rather than old value

Sep 26, 2008

Mar 01, 2011

Printed

Sep 26, 2008

Oct 01, 2009

== null) attributeReplaced(): value is always the NEW value valueUnbound(): "this" is always the old value. event's value is null iff the attribute has been replaced, or the old value if the attribute has been removed. attributeRemoved(): indeed the event's value is the OLD value (rather than null) Who the heck should memorize that? Here's the sequence that I tested (set/removeAttribute statement plus generated events): session.setAttribute("dog", new Dog(1)): Dog{no=1}.valueBound: event.getValue()=Dog{no=1} AttributeListener.attributeAdded: event.getValue()=Dog{no=1} session.setAttribute("dog", new Dog(2)): Dog{no=2}.valueBound: event.getValue()=Dog{no=2} Dog{no=1}.valueUnbound: event.getValue()=null AttributeListener.attributeReplaced: event.getValue()=Dog{no=2} session.removeAttribute("dog"): Dog{no=2}.valueUnbound: event.getValue()=Dog{no=2} AttributeListener.attributeRemoved: event.getValue()=Dog{no=2} Note from the Author or Editor: VALID The spec says "Returns the value of the attribute that has been added, removed or replaced. If the attribute was added (or bound), this is the value of the attribute. If the attribute was removed (or unbound), this is the value of the removed attribute. If the attribute was replaced, this is the old value of the attribute." This is about as succinct as I think it could be said. So... The complete handwritten note should be rewritten as: "The getValue() returns the object value of the attribute that triggered the event. If the attribute was added (or bound), this is the value of the

attribute. If the attribute was removed (or unbound), this is the value of the removed attribute. If the attribute was replaced, this is the old value of the attribute." Safari Books Online 279 15 th question For the question no 15, you people have uday kumar given 'A' and 'C' are the correct answers. maddigatla But in the reality when we try to implement this scenario(like creating a class which extends HttpSessionAttributeListener and another class which extends HttpSessionBindingListener.Declared session time out in DD then we added logs in each Listener class, once session invalidated after the time specified in DD, the log is showing clearly that it has called the sessionDestroyed(), valueUnbound() and also attributeRemoved() methods). This states that option 'E' also correct answer. Please check this. Sorry if i'm wrong. Note from the Author or Editor: This is a little tricky. Yes, it is true that all attributes are removed when a session is terminated (and thus the attributeRemoved() method is called); it is not the intent of the question. Likewise, option C should not be selected. Printed Page 310 urlpattern tag The jst-file tag contains "TestInit.jsp" but the url-pattern tag contains "TestInif.jsp", which appears to be a typo. Note from the Author or Editor: VALID Change the 12th line of the first code example to: <urlpattern>/TestInit.jsp</url-pattern> Printed Page 310 urlpattern tag Line 12 of code the url-pattern tag Anonymous contains "TestInif.jsp", which appears to be a typo. Changed "TestInif.jsp" to "TestInit.jsp" -------------------------------Jul 01, 2008 Anonymous May 19, 2008 Jul 01, 2008 Mar 04, 2009 Mar 01, 2011

-----------------------------------Printed Page 310 Declarati on code example at the bottom, 5th line This is invalid code in a JSP: Anonymous ServletContext ctx = getServletContext(); The spec only guarantees that the JSP implementation class implements JspPage which extends Servlet, but _not_ GenericServlet (which implements ServletConfig and contains the implementation of getServletContext())." So the correct line would be ServletContext ctx = sConfig.getServletContext(); (The original code does indeed work on Tomcat, but that's merely an implementation side effect.) Note from the Author or Editor: VALID Make the recommended change. PDF Page 337 Question 4 Does jspInit() have direct acces to the ServletContext? The spec it says "When method is called all the methods in servlet, including get- ServletConfig are available". I'm guesing option C should not be correct based on what the spec says Note from the Author or Editor: This method is only meant to be called by the container. But I suppose that some other method in the JSP *could* call this method, although that would contradict the contract of that method. From a cert-exam perspective Option-C is not "always correct under all conditions." Rewrite Option-C as "It is only called once by the Container." Printed Page 355 The final sentence states, "...the class last must be a subclass...". I know this is paragraph splitting hairs, but since were are talking about types (e.g. interface), I believe, "...the class must be a subtype...", would be semantically (more) correct. Note from the Author or Editor: Anonymous May 21, 2008 Jul 01, 2008 Anonymous Sep 03, 2009 Mar 01, 2011 Oct 03, 2008 Oct 01, 2009

MOSTLY VALID, BUT SUBTYPE MIGHT BE A SUB-INTERFACE WHICH IS *NOT* VALID IN THIS CONTEXT. Change last sentence to "So that means that /class/ must be a concrete implementation of the /type/." Printed Page 355 The final sentence states, "...the class Anonymous last must be a subclass...". I know this is paragraph splitting hairs, but since were are talking about types (e.g. interface), I believe, "...the class must be a subtype...", would be semantically (more) correct. MOSTLY VALID, BUT SUBTYPE MIGHT BE A SUB-INTERFACE WHICH IS *NOT* VALID IN THIS CONTEXT. Changed last sentence to "So that means that /class/ must be a concrete implementation of the /type/." -----------------------------------------------------------------Page 358 The second sentence states there are 3 first code examples but only 2 examples are paragraph provided. Note from the Author or Editor: VALID Change "three" to "two" in the fourth line. Printed Page 358 The second sentence states there are 3 Anonymous first code examples but only 2 examples are paragraph provided. Changed "three" to "two" -----------------------------------------------------------------Page 359 Code example at the bottom of the page using scripting inside a standard action When testing in Eclipse the following Abel JSP piece: <jsp:useBean id="person" Morelos type="foo.Person" class="foo.Employee"> <jsp:setProperty name="person" property="name" value="<%= request.getParameter("userName") %>" /> </jsp:useBean> I get the following error in the console output: org.apache.jasper.JasperException: /TestBean.jsp(12,58) Attribute value Jan 22, 2010 Jul 01, 2008 Anonymous May 21, 2008 Jul 01, 2008

Printed

Jul 01, 2008

Printed, Safari Books Online

Mar 01, 2011

request.getParameter("username") is quoted with " which must be escaped when used within the value In order to fix the error, you need to escape the "username" parameter name, so the previous code should be: <jsp:useBean id="person" type="foo.Person" class="foo.Employee"> <jsp:setProperty name="person" property="name" value="<%= request.getParameter(\"userName\") %>" /> </jsp:useBean> Note from the Author or Editor: Rewrite the setProperty code like this: <jsp:setProperty name='person' property='name' value='<%= request.getParameter("userName") %>' /> Printed Page 383 JSP code, EL expressio n I think the line ${pageContent.currentTip} should be ${pageContext.currentTip}. Also 3 occurences on page 384 Note from the Author or Editor: The 'pageContent' was meant to be a wrapper object, but the text never made that clear. Rewrite the third line of code as: ${currentTip} Printed Page 397 paragraph at the top of the page It states that the answers to the questions Michael are printed upside down at the bottom of Angstadt the page. They are not. The answers are listed on the next page. Note from the Author or Editor: Right. Remove the last two sentences in this paragraph. Printed Page 412 Subheade r "The included header that USES The page shows a code that uses a jsp Anonymous standard action to include a file named "Header.jsp", but "Header.jspf" is mentioned in the following subtitle: "The included header that USES the new param ("Header.jspf")" Remove the Nov 26, 2008 Oct 01, 2009 Jan 17, 2010 Mar 01, 2011 Anonymous Aug 15, 2010 Mar 01, 2011

(...)"

trailing "f" from "Header.jspf". Note from the Author or Editor: VALID Delete the 'f' character on the end of "Header.jspf"

PDF

Page 420 Answer for the number 1 exercise

"<jsp:useBean id= person Anonymous type= foo.Employee scope= request > <jsp:setProperty name= person property= name value= Fred /> </jsp:useBean > Name is: <jsp:getProperty name= person property= name /> Look at this standard action: What happens if the servlet code looks like: 1 foo.Person p = new foo.Employee(); p.setName( Evan ); request.setAttribute( person , p); ANSWERS FAILS at request time! The person attribute is stored at request scope, so the <jsp:useBean > tag won t work since it specifies only a type." The answer is wrong since the attribute scope is defined as request in the <jsp:useBean>. The correct would be "Prints Name is Evan." Note from the Author or Editor: VALID This exercise has dogged us from the beginning. It will be complete replaced in the next edition.

Nov 16, 2008

Printed

Page 437 Question 17

Regarding the usage of the dot "." operator, the last comment on page 370 states, "If the object is a bean but the named property doesn't exist, then as exception is thrown? However, the answer to question 17 on page 437 does not reflect this as being true as 17-C is not checked. Note from the Author or Editor: Add a checkmark on Option C

Anonymous

Jul 01, 2008

Printed

Page 437 Question 17

Regarding the usage of the dot "." operator, the last comment on page 370 states, "If the object is a bean but the

Anonymous

Jul 01, 2008

named property doesn't exist, then as exception is thrown? However, the answer to question 17 on page 437 does not reflect this as being true as 17-C is not checked. Added a checkmark on Option C ------------------------------------------------------------------Printed Page 443 Two references are made to escapeXML. Anonymous Last The correct parameter name is paragraph escapeXml. Note from the Author or Editor: Yes, replace "escapeXML" with "escapeXml" PDF Page 445 First Paragrah, second example Hello, On page 445 that discusses how null values are rendered, there is a problem with the second example. The example indicates that for JSP expressions if the variable is null, the output will contain nothing: Quote: "A JSP expression tag prints nothing if user is null: <b>Hello <%= user %>.</b> Renders as <b>Hello .</b>" Although this is true for ELs, it is not this way for JSP expressions. For the given example, the output will be "Hello null." Best Regards, Horatiu Note from the Author or Editor: VALID The second box should contain the text "<b>Hello null.</b>" PDF Page 445 first handwritt en comment from the top This page states that if I try to output a Anonymous value with an expression, and the value evaluates to null, nothing is printed. This is incorrect, as the null variable is passed to the writer, and the string "null" is printed. I tested this on Tomcat 5.5.26. So, the second example of how the text is rendered should say "Hello null." Here is the JSP code I tested this with: <html> <body> <%! String user = null; %> <b> Hello <%= user %>.</b> </body> </html> Aug 17, 2008 Sep 01, 2010 Anonymous Oct 13, 2008 Oct 01, 2009 Feb 25, 2009 Oct 01, 2009

Note from the Author or Editor: This should have been fixed in the previous re-print; but if not... O'Reilly: the text in the middle box should read "<b>Hello null.</b>" Printed Page 463 "The JSP with the <jsp:import>" should be "The JSP with the <c:import>" Note from the Author or Editor: Change title of step 1 as described. Printed Page 475 written "note" at the bottom of the page It states that the book doesn't cover Michael <c:out>. This is false. <c:out> is covered Angstadt on p.443-5. Note from the Author or Editor: Right you are. We didn't cover the c:out tag in the 1st Edition but added it in the 2nd Edition. Rewrite the last statement in the hand-written note as: We also didn't cover <c:redirect> but that... Anonymous Feb 16, 2009 Oct 01, 2009 Jan 17, 2010 Mar 01, 2011 Anonymous Nov 09, 2009 Mar 01, 2011

Printed

Page 484 The fourth sentence states "The 3rd Container could care less...". While I Paragraph understand this atrocious grammar has become commonplace with lazy-speak, it should be written correctly. This should be corrected to "The Container couldn't care less...". Note from the Author or Editor: OK Start the fourth sentence as "The Container couldn't care less..."

Printed

Page 484 3rd paragraph , 6th-7th lines

"Su could have named the JSTL..." should be "Sun could have named the JSTL..." Note from the Author or Editor: Correct. Also remove the extraneous space character on the next line before the word "could" The arrow from "<rtexprvalue>true</rtexprvalue>"

Michael Angstadt

Jan 17, 2010

Mar 01, 2011

PDF

Page 490 diagram

pcchee

Apr 16, 2009

Mar 01, 2011

should point to "${foo}", not "/>" Note from the Author or Editor: Correct. O'Reilly: Move the <mine:advice ... /> code about 1/8 inch to the right. Make sure the move the hand-drawn underlines as well. Printed Page 491 & 495 Question 1, option D Option D references tag files which aren't mentioned until the next chapter and the role of TLDs in Tag files isn't explored until page 509. Note from the Author or Editor: VALID Drop Option D here and on pg 495. Printed Page 508 The discussion on scripting in Tag files Anonymous Paragraph is very confusing. The first sentence of s2&3 the third paragraph reads "In fact, Tag File bodies are never allowed to have scripting, so it's not an option." Using the term 'Tag File bodies' makes it sound like you mean you can not use scripting in the *.tag file, instead of the body of the tag reference in the JSP that uses the tag. Note from the Author or Editor: OK For clarification the first sentence in the third paragraph should start with "In fact, the bodies of Tag File tags are never..." Printed Page 533 second line (also in PDF) The second line begins with: areevaluated when A space is missing: are evaluated David Bala ic Aug 27, 2009 Jan 17, 2010 Oct 01, 2009 Feb 22, 2009 Oct 01, 2009 Anonymous Feb 22, 2009 Oct 01, 2009

Printed

Page 533 "areevaluated" should be "are evaluated" Michael 1st Angstadt paragraph Note from the Author or Editor: , 2nd line Correct - this was fixed in the second edition. Page 565 Top of Page The chart is labeled "Lifecycle METHODS for Classic tag methods". I found this very confusing and the Anonymous

Sep 01, 2010

Printed

Feb 22, 2009

instructions were not helpful. It all became very clear when I turned the page and the answer chart was labeled "Lifecycle RETURN VALUES for Classic tag methods". Note from the Author or Editor: Agreed. In the next printing we should provide the answers for a few of the cells in the chart as a starting point. Printed Page 579 & 590 Question 2 Option E. jsp:invoke is Option E for Question 2. I Anonymous can not find where jsp:invoke is mentioned in the book, especially in Chapter 10, which is the chapter this test is covering. If it is in the book and I just missed it, sorry. Note from the Author or Editor: VALID The jsp:invoke std action is not mentioned in the book so no question should refer to it. Drop Option E on this page and pg 590. Printed Page 580 Line 11 in code of question no 3 The line 11 in the code in self test Ankit Garg question 3 of chapter 10 shows int as the return type of doTag method while it is void. Same mistake on page 591 Note from the Author or Editor: Change on these two pages the "int" into "void" like this: 11. public void doTag() throws JspException, IOException { Printed Page 582 Chapter 10, Question 6 Chapter 10 - Question 6 Anonymous findAncessorWithClass(). This method is just barely touched on on page 574, without giving too much more than a signature and a brief description of what it does. Furthermore, the last sentence on page 574 states "You will not be tested on any details of using findAncessorWithClass(). All you need to know for the exam is that it exists!". Given this, question 6 is pretty detailed. Maybe this question was a leftover from Feb 22, 2009 Mar 01, 2011 Nov 08, 2009 Mar 01, 2011 Feb 22, 2009 Oct 01, 2009

the first edition. Note from the Author or Editor: VALID, the book does not cover this method in the level of detail needed for this question. Drop this item here and on pg 593. Printed Page 583 Mock Exam, Questions 08 and 18. Chapter 10 - Mock Exam - Printed Josnel version. Question 08 - Option B. Maraver Question 18 - Option E. It was never mentioned in the aforementioned chapter (Please correct me if I'm wrong) that the tag files could also have a *.tagx extension, for which reason any reader would have considered option B (Question 08) and option E (Question 18) as wrong (unless you previously read the specs before answering both questions). This is only briefly mentioned in the next chapter, pages 634 y 636. My suggestion would be for page 502 to be modified to include the previously mentioned annotation where it says: "Take an included file (like "Header.jsp") and rename it with a .tag extension". This way, the questions can remain the same. Best regards and thank you in advance. Note from the Author or Editor: Good point. O'Reilly: if it will fit (in the upper-right corner on pg 502) add a hand-written note: "You could also use the tagx file extension; if the content is valid XML." and include a hand-drawn arrow pointing to the "Header.tag" labeled file icon. Printed Page 586 & 597 Question 14 Option E Chapter 10 - Question 14 - Option E. getAttributesScope("key") is not mentioned in the book. Chapter 8 does have a note to visit the API to see the getters for PageContext, but does not state that all of the getters should be memorized. In short, the questions in Anonymous Feb 22, 2009 Oct 01, 2009 Jun 03, 2009 Mar 01, 2011

this book should only cover information presented in this book. The exam is a different animal, but book questions should only test on book information. Note from the Author or Editor: VALID Remove Option E from this question here and on pg 597. Printed Page 588 Question 19, answers B and D (also PDF version) Answer B uses the jsp:invoke, the author already said for page 579: "The jsp:invoke std action is not mentioned in the book so no question should refer to it." Answer D uses the <%@ variable %> tag, which is also not mentioned in the book. Note from the Author or Editor: Right. We will rewrite this question in a future revision. Printed Page 597 Question 15 Question 15 on Page 597 has option E Suhas not checked because it is not the correct Wadadekar answer. However, it says option E is invalid because getAttributesScope("key") does not exist in JspContext. This is WRONG. JspContext does have getAttributesScope("key"). Although it is an abstract method, the nature of the question implies a JspContext implementer. Only in the previous question it says PageContext contains getAttributesScope("key"). And PageContext is a subclass of JspContext Note from the Author or Editor: Correct. Change the comment on OPtion E to "Option E is invalid because this method retrieves the attribute; it only tells you which scope it resides." Printed Page 622 (and PDF) The third line in the second 2rd paragraph and with: configur It should paragraph be : configure , line 3 David Bala ic Aug 28, 2009 Oct 01, 2009 Jan 28, 2010 Mar 01, 2011 David Bala ic Aug 28, 2009

Printed

Page 622 "You configur" should be "You 2nd configure" paragraph , 3rd line Note from the Author or Editor: Corrrect Page 624 last answer

Michael Angstadt

Jan 17, 2010

Sep 01, 2010

Printed

The book says : Container choice: When David no files from the <welcome-file-list> are Bala ic found, the behavior is vendor-specific. Tomcat shows a directory list- ing for the newMember directory (which shows "foo.txt"). Another Container might show a 404 Not Found error. That does not seem to be true. Tomcat 5.5.28 returns a 404 error in this case. (at least on Windows XP Pro SP3) Note from the Author or Editor: OK. Let's flip the last two statements as: "Tomcat shows a 404 Not Found error. Another container could show a directory listing for the newMember directory, which would show the 'foo.txt' file."

Aug 28, 2009

Mar 01, 2011

Printed

Page 628 hand written text

The 2nd paragraph on page 628 says that Anonymous a "non negative value for <load-onstartup>" does something, the handwritten text on the same page makes this "greater than zero", should be greater than or equal to zero according to Sun spec. OTOH Bea documentation refers to "positive" values Note from the Author or Editor: Agreed O'Reilly: Change text to "Any non-negative number means..."

Sep 15, 2008

Mar 01, 2011

Printed

Page 628 BANG section

You can read: "(...)And what if there's Piotr more than one servlet with a <load-onNowicki startup> of 4? The Container loads servlets with the same value in the order in which the servlets are declared in the DD." The specs for Servlets 2.4 and 3.0 says in sections 13.4 (10 - servlet Element) and 14.4 (10 - servlet Element) respectively that: "(...)The container may

Jan 16, 2011

Mar 01, 2011

choose the order of loading of servlets with the same load-on-startup value." Note from the Author or Editor: Replace the last statement in the "BANG" box from "The Container loads servlets..." to "The Container may choose the order of loading of servlets with the same load-on-startup value." Printed Page 664 handwritt en note adjacent to "SERVL ETSPECIFI CATION: " The note says "When it's time for authorization... information to whatever <role-name>'s it find in your DD's <security-role> elements." This note misuses the apostrophe. Actually, it uses the apostrophe correctly, then incorrectly, then correctly again. The plural of <role-name> is <role-name>s. Note from the Author or Editor: OK Rewrite like this: "will map it's vendor-specific "role" information to whatever <role-name> elements it finds in the DD's <security-role> elements." Bottom of page 684: "NOTE: although Anonymous not guaranteed by the spec, in practice virtually every Container uses SSL for guaranteed transport, which means that both INTEGRAL and CONFIDENTIAL do the same thing either one gives you both confidentiality and integrity. Since you can have only one <user-dataconstraint> per <security-constraint>, some people recommend you use CONFIDENTIAL, but again, it will probably never matter in practice, unless you move to a new (and unusual) Container that doesn't use SSL." The last sentence should be changed to more clearly indicate that you are talking about a container that doesn't use SSL for guaranteed transport, not a container that doesn't use SSL at all. SSL is required by the spec, although you don't mention that specifically anywhere but Feb 23, 2009 Mar 01, 2011 Thomas Kennedy Apr 05, 2010 Mar 01, 2011

Printed

Page 684 Bottom

test on it in question 14 on page 834. Note from the Author or Editor: SURE Change the end of the last sentence to "to a new Container that doesn't use SSL for guaranteed transport." Printed Page 719 BANG section In the first sentence you can read: Pedro "(...)an example of using a Decorator Kowalski pattern (although it is also sometimes called Wrapper) pattern" The word pattern is written twice or the second one is not within the parentheses. I think it should be more like: "(...)an example of using a Decorator pattern (although it is also sometimes called Wrapper pattern)" or "(...)an example of using a Decorator pattern (although it is also sometimes called Wrapper)" Note from the Author or Editor: Agreed; please put the last "pattern" within the parenthesis. Printed Page 725 code for getOutput Stream and getWriter the if-statements in the accessors check Anonymous whether streamUsed is already initialized. Now if either method is called a second time an IllegalStateException will be thrown. From the description it seems that should only happen if both methods are called and it should be ok to call the same method several times. If you change the if statement in getOutputStream to "if (streamUsed != null) && (streamUsed == pw) { throw ..." the behavior will be as described Note from the Author or Editor: Correct O'Reilly: This requires two changes. First change the first if statement to: if ( (streamUsed != null) && (streamUsed == pw) ) { Second, change the third if-statement (in the getWriter method) to: if ( (streamUsed Sep 15, 2008 Mar 01, 2011 Jan 16, 2011 Mar 01, 2011

!= null) && (streamUsed == servletGzipOS) ) { Printed Page 759 Code example in middle The code example handles a caught RemoteExeption by throwing a new CustomerException instead. The "handwritten" comment states that the code is supposed to WRAP the caught exception in the higher level one. If that is the case, the RemoteException should probably passed as the constructor parameter of the CustomerException. Note from the Author or Editor: Correct. Rewrite the fourth line of code as: throw new CustomerException(re); Printed Page 784 Question 3 The correct answer to question 3 is C "Composite Delegate". But "Composite Delegate" is not mentioned anywhere in the book. Similar for question 2. Note from the Author or Editor: Right, we should not have a question that relies on information outside of the book. We will replace this question with a new one in the future. Printed Page 793 & 829 Question 3, answer A Answer A is not correct because the class does not need to have a size member. Is does need to have a setter method. Note from the Author or Editor: VALID Rewrite Option A as "The class should have a setter method called setSize." With 'setSize' in bold Courier. Make the same change on pg 829. Printed Page 794, 830 Question 4 The sample code in question, set the Anonymous attribute in request scope. And equivalent code snippet answers are given as C & D. But those two answers create the attribute in page scope (default scope), but not in request scope. scope = 'request' is missing in those two answers. May 20, 2008 Jul 01, 2008 Anonymous Oct 10, 2008 Mar 01, 2011 David Bala ic Aug 31, 2009 Anonymous Jan 28, 2010 Mar 01, 2011

Note from the Author or Editor: This is correct. The text [scope="request"] must be added to the open jsp:useBean tag for *all* options (not just C&D, because this is really an invariant to the question). Make this change on pg 794 as well. Printed Page 794 This is correct. The text Anonymous [scope="request"] must be added to the open jsp:useBean tag for *all* options (not just C&D, because this is really an invariant to the question). Make this change on pg 794 as well. -----------------------------------------------------------------The '/' character should be placed at the Michael very end of the tag. <jsp:useBean Angstadt id="user" type="foo.User"/ scope="request"> should be <jsp:useBean id="user" type="foo.User" scope="request"/> Also applies to p.830. Note from the Author or Editor: Correct; please make this change. The first line of the question is Michael confusingly worded. "Given in a JSP Angstadt page, the line:" should be something like "Given the following line of code from a JSP page:" Note from the Author or Editor: OK, rewrite the first line as: Given the following line of code in a JSP page: The answers currently referenced are B and E. For E to be correct, ServletOutputStream needs to be in the javax.servlet package (not java.io). I would think answer C is also correct because the question asks which types "can be used" and a ServletOutputStream is-an java.io.OutputStream. Anonymous Jan 21, 2009 Jul 01, 2008 Jan 17, 2010 Mar 01, 2011 Jan 17, 2010 Jul 01, 2008

Printed

Page 794 & 830 Final Mock Exam, question 4, answer A Page 810 & 846 Final Mock Exam, question 36

Mar 01, 2011

Printed

Printed

Page 814 Question 47

Note from the Author or Editor: Change option C to "javax.servlet.OutputStream" and change option E to "javax.servlet.ServletOutputStream". These changes make option E valid and option C invalid, as it should be. Printed Page 814 Question 47 The answers currently referenced are B Anonymous and E. For E to be correct, ServletOutputStream needs to be in the javax.servlet package (not java.io). I would think answer C is also correct because the question asks which types "can be used" and a ServletOutputStream is-an java.io.OutputStream. Change option C to "javax.servlet.OutputStream" and change option E to "javax.servlet.ServletOutputStream". These changes make option E valid and option C invalid, as it should be. -----------------------------------------------------------------HFSJ 2nd Ed., printed March 2008 At page 819 and 855 the lines 02. String TITLE = "Welcome to my page"; are wrong, correct are 02. String GREETING = "Welcome to my page"; Note from the Author or Editor: VALID Change all occurrences of "TITLE" with "GREETING" Also on pg 855. Printed Page 824 Answers There aren't answer for question 66 in Final Mock Exam. Note from the Author or Editor: This should have been fixed in the previous re-print. But if not... O'Reilly: Copy the "options content" on pg 861 and paste it at the bottom of pg 824. DO NOT COPY the checkmark and handwrite note about the answer. Anonymous Aug 25, 2008 Mar 01, 2011 Anonymous Nov 25, 2008 Jul 01, 2008

Printed

Page 819, 855 Q55, line 02.

Mar 01, 2011

Printed

Page 824 Question 66

There are no answers given. Note from the Author or Editor: VALID Copy the Options on pg 860 but remove the checkmarks and handwritten comments to the empty space at the bottom of pg 824.

Anonymous

Oct 12, 2008

Mar 01, 2011

Printed

Page 830 Quesiton 4

The sample code in question, set the Anonymous attribute in request scope. And equivalent code snippet answers are given as C & D. But those two answers create the attribute in page scope (default scope), but not in request scope. scope = 'request' is missing in those two answers. This is correct. The text [scope="request"] must be added to the open jsp:useBean tag for *all* options (not just C&D, because this is really an invariant to the question). Make this change on pg 794 as well. -----------------------------------------------------------------Answers are B and E. Option C is also correct, but it's not selected as an answer. Note from the Author or Editor: Add a checkmark to option C Anonymous

Jul 01, 2008

Printed

Page 831 Question 6

Jul 01, 2008

Printed

Page 831 Question 6

Answers are B and E. Option C is also Anonymous correct, but it's not selected as an answer. Added a checkmark to option C ------------------------------------------------------------------the question 8 asks which implicit object Parth can access attributes from Tiwari ServletContext the answer given is only application but option C request can also access its attributes in this wayrequest.getSession().getServletContext(). getAttribute("name"); So answer shall be C,D Note from the Author or Editor: Aug 19, 2010

Jul 01, 2008

Printed

Page 832 Ques. 8

Mar 01, 2011

Correct. Please check option C and rewrite the note as: "Option C is correct because you can access the ServletContext using the HttpSession." Printed Page 833 Question 11 Answers given are A,B,D,E,F But, Anonymous options B and F should not be correct. Only one instance of <auth-constraint> will exist within one <securityconstraint> tag. The deployment descriptor DTD has the following definition for <security-constraint> as per servlet spec is <!ELEMENT security-constraint (web-resourcecollection+, auth-constraint?, user-dataconstraint?)> - This tag implies that authorization, data integrity and confidentiality security features are all declared for the wen application. And not authentication. Authentication is declared using the <login-config> tag. As per the servlet spec - The loginconfig element is used to configure the authentication method that should be used, the realm name that should be used for this application, and the attributes that are needed by the form login mechanism. <!ELEMENT login-config (auth-method?, realm-name?, formloginconfig?)> Note from the Author or Editor: Remove the checkmark from options B and F Printed Page 833 Question 11 Answers given are A,B,D,E,F But, options B and F should not be correct. Only one instance of <auth-constraint> will exist within one <securityconstraint> tag. The deployment descriptor DTD has the following definition for <security-constraint> as per servlet spec is <!ELEMENT security-constraint (web-resourcecollection+, auth-constraint?, user-dataconstraint?)> - This tag implies that Anonymous Jul 01, 2008 Jul 01, 2008

authorization, data integrity and confidentiality security features are all declared for the wen application. And not authentication. Authentication is declared using the <login-config> tag. As per the servlet spec - The loginconfig element is used to configure the authentication method that should be used, the realm name that should be used for this application, and the attributes that are needed by the form login mechanism. <!ELEMENT login-config (auth-method?, realm-name?, formloginconfig?)> Removed the checkmark from options B and F ------------------------------------------------------------------Printed Page 833 Question 11, answer B Answer B states that multiple instances of <auth constraint> can exist within <security constraint>. This is not true. Note from the Author or Editor: VALID Option B is incorrect and should not be checked. Printed Page 834 Question 14 I could not find that: - The book states that a Java EE container must support HTTP cookies. - The book states that a Java EE container must support SSL. Note from the Author or Editor: VALID This question is based on information that is not presented in the book nor is on the SCWCD exam. It should be rewritten. Printed Page 834 & 798 Question 14 Option C Option B: "Java EE containers must Anonymous support URL rewriting." This option is shown as being false and the following note "-Option B URL rewriting is almost always used as the fallback when cookies are not available, but it's NOT a requirement for containers." From the text: Page 237 URL rewriting: something to fall back on "If the client won t take cookies, you can use URL rewriting as a backup. Assuming you do Feb 23, 2009 Mar 01, 2011 Anonymous Oct 12, 2008 Anonymous Oct 10, 2008 Sep 01, 2010

your part correctly, URL rewriting will always work..." Page 239 Q: Is URL rewriting handled in a vendor-specific way? A: Yes, URL rewriting is handled in a vendor-specific way. Tomcat uses a semicolon ; to append the extra info to the URL. Another vendor might use a comma or something else." Servlet Spec 2.4: SRV.7.1.3 URL Rewriting URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session ID, to the URL path that is interpreted by the container to associate the request with a session. The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Here is an example of a URL containing encoded path information: http://www.myserver.com/catalog/index. html;jsessionid=1234 Conclusion: Option B is correct. Note from the Author or Editor: The mock exam question 14 on pg 834 is formally correct because the Servlet spec says "URL rewriting may be used by the server". The use of the word "may" means that URL rewriting is not required by the spec. The content on pg 237 should be rewritten to make it clear that URL rewriting "will NOT always work" if the Container does not support it. This is unfortunately because most modern Containers *do* support it; so I would rather not muddy the message of this section of the book. Instead, i would recommend that we change to the wording of Option B to read "Java EE container may support URL rewriting" and check it. Likewise on pg 798.

Printed

Page 834 Question 14

According to the servlet spec (7.1.3 URL Anonymous rewriting), it is almost impossible to disregard URL as a container requirement. The spec states: "The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid." Hence answer -B- should be accepted as true. Note from the Author or Editor: OK Check Option B and edit the note as "...is always available as the fallback..."

Aug 13, 2009

Mar 01, 2011

Printed

Page 839 Question 22

Option A is "Only HTTP GET is idempotent." The answer note states "Option A: if a form doesn't explicitly declare a method, GET is assumed." This note actually applies to Option B. Note from the Author or Editor: VALID Change "Option A" to "Option B" in the note and move it down to point to Opt B.

Anonymous

Feb 23, 2009

Mar 01, 2011

Printed

Page 841 Question 26

Only books.clear(); and books = null; Anonymous will cause the text within the c:otherwise tag to display. Therefore answers C and E are correct instead of answers B and D. Note from the Author or Editor: VALID Instead of B and D, C and E should be checked.

Oct 12, 2008

Jul 01, 2008

Printed

Page 841 Question 26

The options marked are B and D. Anonymous Clearly, those two will not satisfy empty operators and will execute the code inside the <c:when> tag. Shouldn't the answers be C and E which staisfies the empty operator and hence will execute the code inside <c:otherwise> tag? the hand written comments correctly mentions that E will satisfy empty operator. Instead of B and D, C and E should be checked. Placed checkmarks in C & E and deleted checkmarks from

Jul 01, 2008

B & D ------------------------------------------------------------------Printed Page 841 Answers for question 26 The wrong answers are ticked for the question. The explanations correctly state that A,B,and D add something to the list, making it NOT empty. This will cause the 'when' clause to execute and not the 'otherwise'. Therefore answers C and E should be ticked not B and D. Note from the Author or Editor: VALID These options should be checked: C and E. Printed Page 843 Question 30 The followint snipet is from the question. 234. <auth-constraint> 235. <role-name>student</role-name> 236. </auth-constraint> And the second security constraint contains: 251. <authconstraint/> Answer D (the selected answer) D: If the second <authconstraint> tag is removed, the constrained resource can be accessed by both roles. Is wrong and answer F: F: If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by student users. Is the correct answer. The book is wrong. Note from the Author or Editor: VALID Remove the checkmark from Option D and put it on Option F. PDF Page 844 question 33 I think E is not correct.. As long as you Anonymous call super() at the end of the method, you can do some general stuff in there. Besides, if the 'servlet' is not an HttpServlet, but a GenericServlet, it even has to! Note from the Author or Editor: Agreed. While it is not recommended to override the HttpServlet.service method; it certainly can be done. This question is poorly written and should be replaced. Even Option A is not completely valid; Sep 06, 2008 Mar 01, 2011 Anonymous Feb 24, 2009 Mar 01, 2011 Anonymous Oct 08, 2008 Sep 01, 2010

although there are extremely few cases where you would need a servlet ctor. O'Reilly: For now just remove the check on Option E. Printed Page 845 Question 34 Answers given are B and D. I agree Anonymous structure is valid with index.html being under WEB-INF directory.But, since the question also asks about changes necessary to make resources accessible, shouldn't option C also be an answer? THE WORDING OF THE STEM FORCES OPTION C TO BE VALID Note from the Author or Editor: Add a checkmark to option C. Change the note for option C to "Option C: index.html must be outside of the WEBINF/ directory to be accessible." Printed Page 845 Question 34 Answers given are B and D. I agree Anonymous structure is valid with index.html being under WEB-INF directory.But, since the question also asks about changes necessary to make resources accessible, shouldn't option C also be an answer? THE WORDING OF THE STEM FORCES OPTION C TO BE VALID Added a checkmark to option C. Changed the note for option C to "Option C: index.html must be outside of the WEB-INF/ directory to be accessible." ------------------------------------------------------------------Question 37 states: You are tasked with Anonymous adding several security features to your company s Java EE web application. Specifically, you need to create several classes of users and based on a user s class, you need to restrict them to use only some of the application s pages. In order to restrict access, you must determine that users are who they say they are. Which are true? (Choose all that apply.) A. If you need to verify that users are who they say they are, you Feb 24, 2009 Jul 01, 2008 Jul 01, 2008

Printed

Page 846 Question 37 answer E

Mar 01, 2011

must use the application s deployment descriptor to implement that requirement. B. Java EE s authorization capabilities should be used to determine that users are who they say they are. C. In order to help you determine that users are who they say they are, you can use the deployment descriptor s <loginconfig> tags. D. In order to help you determine that users are who they say they are, you can use the deployment descriptor s <user-data-constraint> tags. E. Depending on the approach you use, determining that users are who they say they are might require including a "realm". Answer E is one of the correct answers, but the book never discusses how to include a realm in order to provide the authentication necessary. Realm is shown in several examples and is defined as an overloaded term in security, but nothing is ever discussed about including realm-name in the web.xml login-config. Note from the Author or Editor: Agreed, option E is a vendor-specific feature and not part of the SCWCD exam and not covered in the book. Remove option E here and on pg 810. Printed Page 847 & 811 Question 39 Answer D The question reads: Given req is a reference to a valid HttpServletRequest, and: 13. String[] s = req.getCookies(); 14. Cookie[] c = req.getCookies(); 15. req.setAttribute("myAttr1", "42"); 16. req.setAttribute("myAttr2", 42); 17. String[] s2 = req.getAttributeNames(); 18. String[] s3 = req.getParameterValues("attr"); Which lines of code will not compile? (Choose all that apply.) A. line 13 B. line 14 C. line 15 D. line 16 E. line 17 F. line 18 The soultion says that Answer D is not correct. "-Option D: setAttribute() takes a String and an Object, and as of Java 5, Anonymous Feb 24, 2009 Mar 01, 2011

42 can be boxed to an Object." While this may be true for Java 5, this exam does not test on Java 5 as noted on page xxviii of the book: "About the SCWCD (for Java EE 1.5) exam The updated SCWCD exam is called Sun Certified Web Component Developer for the Java Platform, Enterprise Edition 5 (CX310-083), but don t get confused by the title. The updated exam is still designed for Java EE v1.4 and for the servlet v2.4 and JSP v2.0 specifications." Which means autoboxing does not exist and Answer D IS correct. Line 16 will not compile. Note from the Author or Editor: Agreed. Drop option D and line 16 from the question here and on pg 811 Printed Page 848 & 812 Question 41 Options C is wrong. It seems to have Anonymous back-quote and then single-quote around the word personalChecking. C. <c:if test="${account[`personalChecking']}"> Checking that fits your lifestyle.</c:if> The beginning and ending quotes are supposed to be the same no matter where they are nested. It should be singlequoted in both places before and after the word personalChecking. Note from the Author or Editor: Yes, the back-quote should be changed to a single-quote. Furthermore, there should be an additional open-paren in the Java code of the IF-stmt in the stem of the question. Safari Books Online 850 question 45 Q45: Given this fragment from a valid Anonymous doGet() method: 12. OutputStream os = response.getOutputStream(); 13. byte[] ba = {1,2,3}; 14. os.write(ba); 15. RequestDispatcher rd = request.RequestDispatcher("my.jsp"); 16. rd.forward(request, response); Assuming that "my.jsp" adds the bytes 4, Sep 07, 2008 Mar 27, 2009 Mar 01, 2011

5, and 6 to the response, what is the result? A. 123 B. 456 C. 123456 D. 456123 E. An exception is thrown Answer according to HF is B: - because os.flush() wasn t called, the uncommitted output (123), is cleared, and forward is invoked without exception. If os.flush() had been called before forward, an IllegalStateException would have been thrown. This is not true. The above code will always cause an IllegalArgumentException, flushed or not. The implementation class of the JSP page will create a PageContext object, which in turn will call getWriter() on the response object (to set its out property). Because the response object already called getOutputStream(), it will throw an exception. Note from the Author or Editor: This requires more research and if the reader is correct (I suspect so), then this item needs to be rewritten. Printed Page 850 Question 45 In line 15 of the shown code, you can Piotr read: RequestDispatcher rd = Nowicki request.RequestDispatcher("my.jsp"); I assume, that the "get" in the method name was lost and it supposed to be: RequestDispatcher rd = request.getRequestDispatcher("my.jsp"); Note from the Author or Editor: Correct. (and on pg 814) Printed Page 850 Question 47 The answers currently referenced are B and E. For E to be correct, ServletOutputStream needs to be in the javax.servlet package (not java.io). I would think answer C is also correct because the question asks which types "can be used" and a ServletOutputStream is-an java.io.OutputStream. Anonymous May 19, 2008 Jul 01, 2008 Feb 27, 2011

Note from the Author or Editor: VALID Change option C to "javax.servlet.OutputStream" and change option E to "javax.servlet.ServletOutputStream". These changes make option E valid and option C invalid, as it should be. Make these changes also on pg 814. Printed Page 850 Question 47 The answers currently referenced are B Anonymous and E. For E to be correct, ServletOutputStream needs to be in the javax.servlet package (not java.io). I would think answer C is also correct because the question asks which types "can be used" and a ServletOutputStream is-an java.io.OutputStream. Change option C to "javax.servlet.OutputStream" and change option E to "javax.servlet.ServletOutputStream". These changes make option E valid and option C invalid, as it should be. -----------------------------------------------------------------The getOutputStream method returns a javax.servlet.ServletOutputStream. The java.io.ServletOutputStream mentioned in answer E does not exists. Note from the Author or Editor: VALID Change "java.io" in Option E to "javax.servlet" Also on pg 814. Printed Page 851 Answers for question 49 Again, wrong answer ticked. It should be Anonymous D not C because 'jsp' is a reserved keyword. Explanation are again correct, just the tick is the wrong box. Note from the Author or Editor: VALID Move the checkmark to option D Printed Page 851 Question 49 Answer given is C. Whereas the answer should be D. Handwritten comment agrees with this statement. Moved the Anonymous Jul 01, 2008 Oct 08, 2008 Jul 01, 2008 Anonymous Oct 12, 2008 Jul 01, 2008

Printed

Page 850 Question 47

Sep 01, 2010

checkmark to option D ------------------------------------------------------------------PDF Page 854 Question 54 Line 63 could be valid. The question does not say that if IOException is user defined exception or standard Java IO Exception (also that's what all the answer options are, not java.io.IOException). IOException in could be assumed from the default package and could be a user defined exception. Therefore the correct answer should be D. Note from the Author or Editor: I reluctantly agree. This question should be rewritten for the next Edition. The whole structure of the question depends upon a java.io.IOException being thrown but it is not clear. Furthermore, there is not "invalid" about the DD snippet shown so option A is not correct. Printed Page 857 & 821 Question 60 Option D Question 60: When comparing servlet Anonymous initialization parameters to context initialization parameters, which are true for both? (Choose all that apply.) D. Both can be directly accessed from a JSP. Option D is marked as not true with the following explanation: "-Option D: only context params can be directly accessed from JSPs." JSP's have a config impicit object which can be used to access the init params for it's ServletConfig. ServletConfig.getInitParameter(String). Option D IS correct as written. Note from the Author or Editor: Option D should be rewritten as "Both can be directly accessed from a JSP using the Expression Language." This change must also be done on pg 821. Printed Page 860 Final Mock The annotation on Option C states "If nothing else, doFilter() must invoke chain.doFilter()". This is not true. You Nige Wheeler May 05, 2010 Mar 01, 2011 Feb 25, 2009 Mar 01, 2011 Riken Shah Jul 21, 2009

Exam Q65, Option C

can choose to block the request by not making the call to invoke the next entity. In this case, the filter is responsible for filling out the response. This is stated on the Sun site (http://java.sun.com/products/servlet/Filt ers.html) and also earlier in the book on P735 Q5 answer E. Note that option C should STILL be checked, though, as you will EITHER have to invoke chain.doFilter() OR fill out the response. Note from the Author or Editor: Valid enough. Rewrite the note by Option C to "Option C: you need to either invoke chain.doFilter() or generate an appropriate response."

Printed

Page 863 Question 69

Answer D is not correct. Answer B is correct. Note from the Author or Editor: VALID Answer is D, which is wrong because that allows the BEGINNERs to access resources in directory2. B should be the answer. Move the checkmark to option B

Anonymous

Oct 12, 2008

Jul 01, 2008

Printed

Page 863 Question 69

Answer is D, which is wrong because Anonymous that allows the BEGINNERs to access resources in directory2. B should be the answer. Moved the checkmark to option B ------------------------------------------------------------------This is to dispute earlier errata regarding Anonymous question 69. The question states: Your web application has a valid dd with a single <security-constraint> tag. Within this tag exists: - a single http method that declares GET All of the resources in your application exist within directory1 and directory2 and the only defined roles are BEGINNER and EXPERT. If you want to restrict BEGINNERs from using resources in directory2, which are true about the url and role tag(s) you should Feb 25, 2009

Jul 01, 2008

Printed

Page 863 & 827 Question 69

Mar 01, 2011

declare? (Choose all that apply.) A. A single url tag should declare directory1 and a single role tag should declare EXPERT. B. A single url tag should declare directory2 and a single role tag should declare EXPERT. C. A single url tag should declare directory1 and a single role tag should declare BEGINNER. D. A single url tag should declare directory2 and a single role tag should declare BEGINNER. E. One url tag should declare ANY and its role tag should declare EXPERT, and another url tag should declare directory2 and its role tag should declare BEGINNER. F. One url tag should declare both directories, and its role tag should declare EXPERT, and another url tag should declare directory1 and its role tag should declare BEGINNER. None of these will do what is wanted. Here's why.... Since <httpmethod>GET</http-method> is used, only the GET method will be constrained. ALL OTHER METHODS WILL BE UNCONSTRAINED, FOR EVERYONE. If Option B is chosen, EXPERT will be the only role allowed to perform GET requests on directory2, but everyone else (BEGINNER & EXPERT) will be able to perform POST, TRACE, PUT, etc. If the question were more specific in asking what could be done to prevent BEGINNERs from performing GET requests on directory, then Option B would be the correct choice. As it is written, there are no correct answers to this question. Note from the Author or Editor: Yes, you are right but the intent of the question is clear just not explicit. The last sentence of the stem should by rewritten as: "If you want to restrict BEGINNERs from retrieving static resources..." NOT: "If you want to restrict BEGINNERs from using

resources..." because the word "use" is too loose. Printed Page 877 and 878 Text from crosswords is cut off. Note from the Author or Editor: Made changes to ensure all text prints. Printed Page 877 and 878 Text from crosswords was cut off. Made changes to ensure all text prints. Anonymous Jul 01, 2008 Anonymous Jul 01, 2008