Head First Servlets and JSP phần 9 potx

Deploying your web app Head First Servlets and JSP By Bert Bates, Kathy Sierra, Bryan Basham ISBN: 0596005407 Publisher: O'Reilly Prepared for Stephen Goss, Safari ID: stephengoss@gmx.ne

Trang 1

(Optional sub-elements for both tags include

<description> and <ejb-link>, but you donÕt need to know that for the exam.)

These must be fully-qualiÞed names

of the beanÕs exposed interfaces.

The JNDI lookup name youÕll use in code.

FRQ¿JXULQJ (-% UHIHUHQFHV

Trang 2

PHDQV²\RXGRQ¶WQHHG(-%NQRZOHGJHIRUWKLVH[DP 7KHHMEUHIW\SH!GHVFULEHVZKHWKHUWKLVLVDQ(QWLW\RU6HV

HME ORFDO UHI!

HME UHPRWH UHI!

Right! ThereÕs no ÒremoteÓ in the tag.

Yes

Wrong!!

PR UHPRW

UHPRW PR

Chapter 11 Deploying your web app

Head First Servlets and JSP By Bert Bates, Kathy Sierra, Bryan Basham ISBN: 0596005407 Publisher: O'Reilly Prepared for Stephen Goss, Safari ID: stephengoss@gmx.netPrint Publication Date: 8/1/2004 User number: 747221 Copyright 2007, Safari Books Online, LLC.This PDF is exclusively for your use in accordance with the Safari Terms of Service No part of it may be reproduced or transmitted in any form by any means without the prior

Trang 3

The lookup name youÕll use in code.

This can be any type that takes

a single String as a cons tructor parameter (or a single C

haracter if itÕs java.lang.Character).

This will be passed in as a Str

ing (or a single Character if the <env-entry-typ

e>

is java.lang.Character).

Note: you can a lso include an optional <descr iption>, which is a REALLY REALLY good idea.

Trang 4

Do NOT include the dot Ò.Ó !

Trang 6

Trang 7

If NOT deployed inside a JAR, Tag Files must be inside WEB-INF/tags, or

a subdirectory of WEB-INF/tags If deployed in a JAR, Tag Files must

be in META-INF/tags, or a subdirectory of META-INF/tags Note: Tag Files deployed in a JAR must have a TLD in the JAR.

Client-accessible HTML and JSPs can be anywhere under the root of the web app

or any of its subdirectories, EXCEPT they cannot be under WEB-INF (including subdirectories) In a WAR Þle, they canÕt be under META-INF (including subdirectories).

Pages under WEB-INF (or META-INF in a WAR Þle) cannot be directly accessed by clients.

If NOT inside a JAR, TLD Þles must be somewhere under WEB-INF or

a subdirectory of WEB-INF If deployed in a JAR, TLD Þles must be somewhere under META-INF, or a subdirectory of META-INF.

Servlet classes must be in a directory structure matching the package structure, placed directory under WEB-INF/classes (for example, class com.

example.Ring would be inside WEB-INF/classes/com/example), or in the appropriate package directories within a JAR inside WEB-INF/lib).

Actually ALL classes used by the web-app (unless theyÕre part of the class libraries on the classpath) must follow the same rules as servlet classesÑinside WEB-INF/classes, in a directory structure matching the package (or in the appropriate package directories within a JAR inside WEB-INF/lib).

JAR Þles must be inside the WEB-INF/lib directory.

6KDUSHQ \RXU SHQFLO :KHUHWKLQJVJR

)LOOLQWKLVWDEOHZLWKH[SOLFLWQRWHVRQZKHUHLQWKHZHEDSS

WKHUHVRXUFHPXVWEHSODFHG:HGLGWKHILUVWRQHIRU\RX

Trang 8

home !FRPZLFNHGO\VPDUW&XVWRPHU+RPH/home !

remote !FRPZLFNHGO\VPDUW&XVWRPHU/remote !

HMEUHI!

HUURUSDJH!

exception-type !MDYDLR,2([FHSWLRQ/exception-type !

location !P\HUURUMVS/location !

HUURUSDJH!

HQYHQWU\!

env-entry-name !UDWHVGLVFRXQW5DWH/env-entry-name !

env-entry-type !MDYDODQJ,QWHJHU/env-entry-type !

HQYHQWU\YDOXH!HQYHQWU\YDOXH!

Tells the Container which page

to show when the sp eciÞed

<exception-typ e> occurs.

Tells the Container which page

to look for when a request comes

in that doesnÕt match a speciÞc

resource There can be more than

one <welcome-Þle> speciÞed in

the <welcome-Þle-list>.

Trang 10

Trang 12

Trang 13

 FKDSWHU

7HICHELEMENT

Trang 14

(Servlet spec pg 107) -Option B is incorrect because web.xml does not contain an element named <web-application>

- Option D is incorrect because

<context-param> elements do not contain <init-param>

-WAR stands for Web ARchive, and portions of a web application cannot be contained in a WAR Þle; only an entire application can reside within a WAR Þle.

Trang 15

-Option D is not correct because /WEB-INF/lib

is designed as the container for JAR Þles

7HATAPPLY

-web.xml should be stored in /WEB-INF regardless of whether the deployment involves a WAR or an exploded directory structure

PRFN DQVZHUV

Trang 16

-Initialization parameters can have web app scope or servlet scope Those with servlet scope are named <init-param>

in the DD, and take and return a String Those with web app scope are named

<context-param> in the DD and also take and return a String

-Options C and E are invalid as they are not valid elements in the http://java.sun.com/JSP/Page namespace.

Trang 17

(servlet spec pg 86)

PRFN DQVZHUV

Trang 18

\RXDUHKHUH 

7HICHELEMENT

-The <web-app> element is the root element

of the web application deployment descr iptor

7HICH

syntax is valid in JSP Documents.

-Option B is incorrect because the webapp may use the getResource method from the webappÕs class loader to access any WAR Þle

-Options C & D are incorrect because the webapp must NOT override any class in the java.*

or javax.* namespaces.

Trang 20

7E BUT ITS

Chapter 12 Keep it secret, keep it safe

Head First Servlets and JSP By Bert Bates, Kathy Sierra, Bryan Basham ISBN: 0596005407 Publisher:

O'Reilly

Prepared for Augusto Jaramillo Forcada, Safari ID: augustojf.cv@gmail.comPrint Publication Date: 8/1/2004 User number: 729515 Copyright 2007, Safari Books Online, LLC.This PDF is exclusively for your use in accordance with the Safari Terms of Service No part of it may be reproduced or transmitted in any form by any means without the priorCopyright Safari Books Online #729515

Trang 22

O'Reilly

Prepared for Augusto Jaramillo Forcada, Safari ID: augustojf.cv@gmail.comPrint Publication Date: 8/1/2004 User number: 729515 Copyright 2007, Safari Books Online, LLC.This PDF is exclusively for your use in accordance with the Safari Terms of Service No part of it may be reproduced or transmitted in any form by any means without the prior

Trang 24

BEMEMBERSHIP

%RE¶VVHFXULW\ SURMHFW

O'Reilly

Trang 25

\RXDUHKHUH 

AUTHENT ICATION - W henever someone mentions passwords, theyÕre probably ta lking about authentication is this guy who he says

he is? If so, he should know his password!.

AUTHORIZATION - Onc

e we have lking to, we hed who weÕre ta establis

want to make sur

e that theyÕr

e o do what they want t allowed t

o do.

CONFIDENT IALITY - It would be a terrible secur ity br each if a userÕs credi

t

card number fell int

o the wrong hands!

CONFIDENT IALITY & DA

TA

At this point the serv

er is returning imp ortant

and priva

te informa tion It would be bad

if the informa tion was seen or a

ltered by an

eavesdropp er.

/NE

GOTSAID

SOMEBEFORh3ECURITYv

YOURESECURITY4HE

PITCHONCEh/+vh!SNOW

GETTINGHAPPY

EE

MORE

OURAND

EQUENT

PROGRAM

USERCAN

OUR

CREDIT

BETTER

ACTUALLY

h)TS

v

USERTHEM

CONl

v

IDEAv )

ONLY

&REQUENT EWERS

h)KNOW

T

BE

MEMBERSHIP

O

S

TTEENAYELE

ANDEEM

MAKEA

MAT

Q

THINKKN

Trang 26

O'Reilly

Trang 28

"OB

3HUIRUPHGVRPHDXWKRUL]DWLRQ

/NCEREALHASRESOURCE

ANDTOGETHER7HOA

O'Reilly

Trang 30

O'Reilly

Trang 31

HARD MEANPAINFUL

ASPECTS

$/

COMPLICATED

Trang 32

O'Reilly

Trang 33

The control for authentication is loca ted in some

sort of data structure like this In T omcat, you

can use an XML Þle ca

lled Òtomcat-users.xmlÓ that holds name-password-role sets tha

t the Container uses at authentication time.

Your app server will use something different but SOMEHOW i t will let you map users to passwords and roles.

in your DD t o get authentica

tion.

Trang 34

XVHUXVHUQDPH ´$QQLH´SDVVZRUG ´DGPLQ´UROHV ´$GPLQ0HPEHU*XHVW´!

XVHUXVHUQDPH ´'LDQH´SDVVZRUG ´FRGHU´UROHV ´0HPEHU*XHVW´!

XVHUXVHUQDPH ´7HG´SDVVZRUG ´QHZELH´UROHV ´*XHVW´!

WRPFDWXVHUV!

In Tomcat, the tomcat-user s.xml should look a lot like this Notic e that a single user can have multiple roles.

´

´S

DonÕt forget that you always need the

<login-conÞ g> element if you want to enable authentication.

O'Reilly

Trang 35

The <http-method> element(s) describe which HTTP methods are constrained (restricted) for the resources deÞ ned by the URL The optional <auth-constraint> element lists which roles CAN invoke the constrained HTTP Methods In other words, it says WHO is allowed to do a GET and POST on the speciÞ ed URL patterns.

Trang 36

If there were NO <http-method>

elements, in the collection>, it would mean that NO HTTP Methods are allowed, by ANYONE in any role But since we DID put in one for GET, it means that only GET is constrained, but anyone in any role can access POST (or the other HTTP Methods).

O'Reilly

Head First Servlets and JSP By Bert Bates, Kathy Sierra, Bryan Basham ISBN: 0 596 005407 Publisher: O''Reilly Prepared for Stephen Goss, Safari...

Head First Servlets and JSP By Bert Bates, Kathy Sierra, Bryan Basham ISBN: 0 596 005407 Publisher: O''Reilly Prepared for Stephen Goss, Safari... app

Head First Servlets and JSP By Bert Bates, Kathy Sierra, Bryan Basham ISBN: 0 596 005407 Publisher: O''Reilly Prepared for Stephen Goss, Safari

Định dạng
Số trang	74
Dung lượng	1,85 MB