The web.xml is an integral part of any web application, and it's never too late to take a closer look at the series of tags that make the wonders of the Web come to life. Let's start off:
The <load-on-startup> Tag :
Specifies the order in which we want to initialize various servlets: first initialize Servlet1, then Servlet2, and so on. This is accomplished by specifying a numeric value for the <load-on-startup> tag. The <load-on-startup> tag specifies that the servlet should be loaded automatically when the web application is started. The value is a single positive integer, which specifies the loading order. Servlets with lower values are loaded before servlets with higher values (i.e. a servlet with a load-on-startup value of 1 or 5 is loaded before a servlet with a value of 10 or 20).
- Less than zero (<0): Servlet is not preloaded.
For example: <load-on-startup>-1</load-on-startup>
- Greater than or equal to zero (>=0): Servlet is preloaded. The order of its loading, with respect to other preloaded servlets in the same Web application, is according to the load-on-startup value, lowest number first. (For example, 0 is loaded before 1, which is loaded before 2.)
For example: <load-on-startup>1</load-on-startup>
- Empty element: The behavior is as if the load-on-startup value is Integer.MAX_VALUE, ensuring that the servlet is loaded after any servlets with load-on-startup values greater than or equal to zero.
When loaded, the init() method of the servlet is called. Therefore this tag provides a good way to start any daemon threads, such as a server listening on a TCP/IP port or a background maintenance thread, or to perform initialisation of the application, such as parsing a settings file which provides data to other servlets/JSPs. If no <load-on-startup> value is specified, the servlet will be loaded when the container decides it needs to be loaded, typically on its first access. This is suitable for servlets that don't need to perform special initialisation.
E.g.: calling a servlet or JSP without a form action, from the web.xml.
<servlet>
  <servlet-name>LoadProxyBeanSettings</servlet-name>
  <servlet-class>POC.spring.Servlets.LoggingProxyFactoryBeanAutoLoadServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
</servlet>
The <taglib> Tag :
The optional taglib element describes a JSP tag library. This element associates the location of a JSP Tag Library Descriptor (TLD) with a URI pattern. Although you can specify a TLD in your JSP that is relative to the WEB-INF directory, you can also use the <taglib> tag to configure the TLD when deploying your Web application. Use a separate element for each TLD.
<taglib>
  <taglib-uri>http://java.sun.com/jstl/fmt</taglib-uri>
  <taglib-location>/WEB-INF/fmt.tld</taglib-location>
</taglib>
The URI http://java.sun.com/jstl/fmt can then be used in JSPs to use the tags:
<%@ taglib uri='http://java.sun.com/jstl/fmt' prefix='hw' %>
<html>
  <body>
    <hw:HelloWorld />
  </body>
</html>
The <error-page> Tag :
The error-page element defines exceptions by exception type or by error code, as the following sections describe. The order of these elements in the web.xml file determines the error handler. JRun redirects the error processing to the location specified by the first error-page element that matches the error-code or exception-type.
<error-page>
  <exception-type>java.io.FileNotFoundException</exception-type>
  <location>/error-pages/404.jsp</location>
</error-page>
You define an HTTP status code for the error-code element and then map the code to a destination in the location element. The following example maps the HTTP 500 (Internal Server Error) status code to the servererror.jsp page:
<error-page>
  <error-code>500</error-code>
  <location>/error-pages/servererror.jsp</location>
</error-page>
The <security-constraint> Tag :
<security-constraint>
  <display-name>Landing Page</display-name>
  <web-resource-collection>
    <web-resource-name>Root Dir</web-resource-name>
    <url-pattern>/</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>Online Demo</web-resource-name>
    <url-pattern>/OnlineAppDemo/SeamlessLoginDemo.html</url-pattern>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>Landing Page JSP</web-resource-name>
    <url-pattern>/landing.jsp</url-pattern>
  </web-resource-collection>
  ..........
</security-constraint>
<security-constraint>
  <display-name>Javascript Files</display-name>
  <web-resource-collection>
    <web-resource-name>Javascript Directory</web-resource-name>
    <url-pattern>/javascript/*</url-pattern>
  </web-resource-collection>
</security-constraint>
<security-constraint>
  <display-name>Secure SSL Pages</display-name>
  <web-resource-collection>
    <web-resource-name>ALL PAGES</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>xrm_admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>Secure SSL Page</description>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
......
- The content to be secured is declared using one or more <web-resource-collection> elements.
- Each <web-resource-collection> element contains an optional series of <url-pattern> elements followed by an optional series of <http-method> elements.
- The <url-pattern> element value specifies a URL pattern which a request URL must match for the request to count as an attempt to access secured content. The <http-method> element value specifies an HTTP request method (for example GET) to which the collection applies.
The <user-data-constraint> Tag :
The optional <user-data-constraint> element specifies the requirements for the security of data on the transport layer, while it is transmitted between the client and the server. The <transport-guarantee> element value specifies the degree to which communication between the client and server should be protected.
- A value of NONE means that the application does not require any transport guarantees.
- A value of INTEGRAL means that the application requires the data sent between the client and server to be sent in such a way that it can not be changed in transit.
- A value of CONFIDENTIAL means that the application requires the data to be transmitted in a fashion that prevents other entities from observing the contents of the transmission.
- In most cases, the presence of the INTEGRAL or CONFIDENTIAL flag indicates that the use of SSL is required.
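A review check for the constraints described above, as an added example that is not part of the original post: it flags a <security-constraint> that lists <http-method> elements (the constraint then covers only those methods), one with no <auth-constraint>, and one without an INTEGRAL or CONFIDENTIAL transport guarantee. The sample web.xml, the function name audit_constraints and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the constraints above; not the author's full file.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <display-name>Landing Page</display-name>
    <web-resource-collection>
      <web-resource-name>Root Dir</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <display-name>Secure SSL Pages</display-name>
    <web-resource-collection>
      <web-resource-name>ALL PAGES</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>xrm_admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def audit_constraints(xml_text):
    """Return (display-name, finding) pairs for every <security-constraint>."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop "{namespace}" prefixes
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for sc in root.iter("security-constraint"):
        name = sc.findtext("display-name", default="(unnamed)").strip()
        for wrc in sc.findall("web-resource-collection"):
            methods = [m.text.strip() for m in wrc.findall("http-method")]
            if methods:  # the constraint covers only the listed methods
                urls = ",".join(p.text.strip() for p in wrc.findall("url-pattern"))
                findings.append((name, f"METHOD_SCOPED {urls} only {'/'.join(methods)}"))
        if sc.find("auth-constraint") is None:  # no role is required
            findings.append((name, "NO_AUTH_CONSTRAINT"))
        tg = sc.findtext("user-data-constraint/transport-guarantee", default="NONE")
        if tg.strip() not in ("INTEGRAL", "CONFIDENTIAL"):
            findings.append((name, "NO_TRANSPORT_GUARANTEE"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_constraints(WEB_XML):
        print(f"{name}: {finding}")
```

A NO_AUTH_CONSTRAINT finding is not necessarily a defect: the post uses such constraints to leave the landing page and scripts public, so the finding marks what to confirm as intentional.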
The <login-config> Tag :
A web container can authenticate a web client/user using either HTTP BASIC, HTTP DIGEST, HTTPS CLIENT or FORM based authentication schemes. The optional <login-config> element is used to configure the authentication method that should be used, the realm name that should be used for the application, and the attributes that are needed by the form login mechanism.
- We would like to utilize the browser authentication mechanism, HTTP BASIC, as defined in the HTTP 1.0 specification.
....</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
</login-config>
If an HTTP server receives an anonymous request for a protected resource, it can force the use of Basic authentication by rejecting the request with a 401 (Access Denied) status code and setting the WWW-Authenticate response header as shown below:
HTTP/1.1 401 Access Denied
WWW-Authenticate: Basic realm="My Server"
Content-Length: 0
- We would like to utilize the HTTPS Client authentication mechanism, which is based on digital certificates. The authentication is based on the user's X509 certificate.
....</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>JMX Console</realm-name>
</login-config>
- We would like to utilize the FORM based authentication mechanism. The FORM based mechanism provides flexibility in defining a custom JSP/HTML page for login and another page to direct to for errors during login.
....</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>xrm</realm-name>
  <form-login-config>
    <form-login-page>/login/login.jsp</form-login-page>
    <form-error-page>/login/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>
login.jsp :
<form id="login-form" method="post" action="<%=request.getContextPath()%>/login">
  <tr>
    <td>Username:</td>
    <td><input class="textfield" type="text" id="username" autocomplete="off" name="j_username" maxlength="24"/></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td><input class="textfield" type="password" id="password" autocomplete="off" name="j_password" maxlength="16"/></td>
  </tr>
  <tr>
    <td></td>
    <td align="right"><input type="button" value="Login" class="button" onclick="launchApplicationWindow(this.form)" /></td>
  </tr>
</form>
web.xml :
<servlet-mapping>
  <servlet-name>DP Login Servlet</servlet-name>
  <url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet>
  <servlet-name>DP Login Servlet</servlet-name>
  <servlet-class>com.dp.authentication.LoginServlet</servlet-class>
</servlet>
LoginServlet.java :
String username = request.getParameter("j_username");
String password = request.getParameter("j_password");
// Discard any existing session, then store the credentials in a fresh one
request.getSession().invalidate();
request.getSession(true).setAttribute("credentialStorage", new CredentialStorage(username, password));
RequestDispatcher rd = request.getRequestDispatcher("/login/login-submit.jsp");
rd.forward(request, response);
The <context-param> Tag :
This tag provides parameters to the entire context / web application, much like a global variable accessible to the entire web application. Examples: administrator mail addresses, etc.
<context-param>
  <param-name>AdministrativeMail</param-name>
  <param-value>SohamAdmin@TechnoModule.com</param-value>
</context-param>
<context-param>.......</context-param>
The value so set can be retrieved at the Servlet level as shown :
// <context-param> values are read with getInitParameter(), not getAttribute()
sesID = getServletContext().getInitParameter("CompanyName");
Instead of providing the value in web.xml, application code can also set and get an application-wide value, as a ServletContext attribute, as shown :
getServletContext().setAttribute("User_Count", sesID);
sesID = (String) getServletContext().getAttribute("User_Count");
The <filter> / <filter-mapping> Tag :
Servlet Filters are Java classes that can be used in Servlet programming for the following purposes: to intercept requests from a client before they access a resource at the back end, and to manipulate responses from the server before they are sent back to the client. There are various types of filters suggested by the specifications:
- Authentication Filters.
- Data Compression Filters.
- Encryption Filters.
- Filters that trigger resource access events.
- Image Conversion Filters.
- Logging and Auditing Filters.
- MIME-TYPE Chain Filters.
- Tokenizing Filters.
- XSL/T Filters that transform XML content.
<filter>
  <filter-name>Seam Servlet Filter</filter-name>
  <filter-class>org.jboss.seam.servlet.SeamServletFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>Seam Servlet Filter</filter-name>
  <url-pattern>*.pdf</url-pattern>
</filter-mapping>
The <servlet> / <servlet-mapping> and <init-param> Tag :
Servlet mapping controls how you access a servlet.
First you configure the servlet. This is done using the <servlet> element. Here you give the servlet a name and write the class name of the servlet. Second, you map the servlet to a URL or URL pattern. This is done in the <servlet-mapping> element. In the example below, all URLs ending in /Login are sent to the servlet.
<servlet>
  <servlet-name>LoginServlet</servlet-name>
  <servlet-class>com.POC.MyLoginServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>LoginServlet</servlet-name>
  <url-pattern>/Login</url-pattern>
</servlet-mapping>
The <init-param> tag provides parameters to a single servlet or filter and can be configured as follows. A single <init-param> tag is used for each parameter. The actual parameter name and value are set using <param-name> and <param-value> :
<servlet>
  <servlet-name>Login Servlet</servlet-name>
  <servlet-class>com.foo.LoginServlet</servlet-class>
  <init-param>
    <description>Authors Mail Id</description>
    <param-name>PersonalMailID</param-name>
    <param-value>soham.roy@xyz.com</param-value>
  </init-param>
</servlet>
The value so set can be retrieved at the Servlet Level (specific Servlet in which the
getServletConfig().getInitParameter("PersonalMailID");
The <resource-ref> Tag :
Resources are mainly used to access SQL DataSource objects for use in BMP (Bean Managed Persistence) entity beans or session beans. They can also be used to access other types of resources, such as a JavaMail Session. resource-ref is for "resource manager connection factory" objects that can give you connections to a resource manager. The typical example is javax.sql.DataSource, from which you can get JDBC connections (javax.sql.Connection).
<resource-ref>
  <res-ref-name>jdbc/XrmDb</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
</resource-ref>
Understanding the URL Pattern :
<url-pattern>/status/*</url-pattern>
http://example.com/examples/status/synopsis   Matches
http://example.com/examples/status/complete?date=today   Matches
http://example.com/examples/status   Matches
http://example.com/examples/server/status   Does not match

<url-pattern>*.map</url-pattern>
http://example.com/examples/US/Oregon/Portland.map
http://example.com/examples/US/Washington/Seattle.map
http://example.com/examples/Paris.France.map
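An added example (not from the original post): a matcher for the pattern forms above that also applies the Servlet specification's precedence (exact, then longest path prefix, then extension, then the default "/"), which the specification uses both to pick a servlet and to pick the <security-constraint> patterns that govern a request. The function names and the context path /examples, inferred from the sample URLs, are assumptions.

```python
from urllib.parse import urlsplit

def matches(pattern, path):
    """True if one <url-pattern> matches a context-relative path."""
    if pattern.startswith("/") and pattern.endswith("/*"):   # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                              # extension mapping
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if pattern == "/":                                        # default mapping
        return True
    return path == pattern                                    # exact mapping

def rank(pattern):
    """Precedence: exact > longest path prefix > extension > default."""
    if pattern == "/":
        return (0, 0)
    if pattern.startswith("*."):
        return (1, 0)
    if pattern.endswith("/*"):
        return (2, len(pattern))
    return (3, 0)

def best_match(patterns, url, context="/examples"):
    """Return the winning pattern for a URL, or None if nothing matches."""
    path = urlsplit(url).path                 # the query string is not matched
    if path != context and not path.startswith(context + "/"):
        return None                           # outside this web application
    rel = path[len(context):]
    hits = [p for p in patterns if matches(p, rel)]
    return max(hits, key=rank, default=None)

if __name__ == "__main__":
    patterns = ["/status/*", "*.map"]
    for url in ("http://example.com/examples/status/complete?date=today",
                "http://example.com/examples/status",
                "http://example.com/examples/server/status",
                "http://example.com/examples/Paris.France.map"):
        print(url, "->", best_match(patterns, url))
```

Run against the constraint patterns shown earlier (/, /landing.jsp, /javascript/*, /*), it shows that a request under /javascript/ is governed by the open /javascript/* constraint rather than the role-protected /* one.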