Errata for HeadFirstServlet&JSP2nded

8/3/2019 Errata for HeadFirstServlet&JSP2nded

1/40

Errata forHead First Servlets and JSP

Print

Submit your own errata for this product.

y Confirmed Erratay Unconfirmed Errata

The errata list is a list of errors and their corrections that were found after the product wasreleased. If the error was corrected in a later version or reprint the date of the correction will bedisplayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the authoror editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting errorTypo Question

Version Location

Submitted

By

Date

Submitted

Date

Correcte

Printed Page 30Deploymentdescriptor

instead of "ISO-8851-1" it should be"ISO-8859-1"

Note from the Author or Editor:

Correct.

Anonymous Jul 09,2008

Mar 01,2011

Printed Page 122last line

InputStream input =request.getInputStream(); but in the javadoc is : getInputStream() returnsServletInputStream

Note from the Author or Editor:While the book is technically correctbecause the ServletInputStream is asubclass of InputStream, it would be bestto use the more specific class in the text.So please change the last line of code to:

Anonymous Oct 03,2010

Mar 01,2011


2/40

ServletInputStream input =getInputStream();

Printed Page 123First

paragraph5th line

It says: "possible to create a servlet thatproceses a..." It should says "processes"

instead.

Note from the Author or Editor:Change "process" to "handles" like this:It is also possible to create a servlet thathandles a...

GermanGonzalez-

Morris

Jan 13,2010

Mar 01,2011

Printed Page 186Attributesare notParameters - 4th

row 3rdcolumn

Replace the existing text in the 4th/3rdcell with:ServletContext.getInitParameter(Stringname)ServletConfig.getInitParameter(String

name)ServletRequest.getParameter(Stringname) Also, for consistency replace theexisting text in the 4th/2nd cell with:ServletContext.getAttribute(Stringname) HttpSession.getAttribute(Stringname)ServletRequest.getAttribute(Stringname)

Anonymous Jul 01, 20

Printed Page 186 Attributes are not Parameters - 4th row

3rd column; Method to get shouldmention getParameter(String name) forgetting request parameters. It hasmentioned only getInitParameter(Stringname) which is applicable only forgetting context and servlet init params.Replaced the existing text in the 4th/3rdcell with:ServletContext.getInitParameter(Stringname)ServletConfig.getInitParameter(String

name)ServletRequest.getParameter(Stringname) Also, for consistency replaced theexisting text in the 4th/2nd cell with:ServletContext.getAttribute(Stringname) HttpSession.getAttribute(Stringname)ServletRequest.getAttribute(String



3/40

name) --------------------------------------------------------------------

Printed Page 217Answer

toQuestion1

Answer states B and C are correct whenassociated comment (correctly) states

(only) answer B is correct.

Note from the Author or Editor:UncheckC


Printed Page 217AnswertoQuestion1.

Answer states B and C are correct whenassociated comment (correctly) states(only) answer B is correct. Unchecked C--------------------------------------------------------------------


Printed Page 217

AnswertoQuestion1

There is already an errata for this,

saying: Answer states B and C arecorrect when associated comment(correctly) states (only) answer B iscorrect. Note from the Author or Editor:UncheckC -- For reference: B is "flush"and C is "write". By experimenting withTomcat 5.5.28 on Windows XP Pro SP3I discovered, that write() can also causethe error:java.lang.IllegalStateException: Cannotforward after response has been

committed And print() too. It is so, thatafter a certain amount of data(getBufferSize() ? ) is put either bywrite() or print(ln)(), the buffer goes tocommited state (isCommitted()==true),even if flush() is not called. So thecorrect answer is B and C. (and ifprint(ln) were listed too, that would be acorrect answer too).


Already fixed in the 2nd Edition.

David

Balaic

Aug 21,

2009

Jul 01, 20

Printed Page 221AnswertoQuestion11

The explanation says A and B arewrong, as the order is determined by theDD. But that fact is never mentionedbefore the mock exam. OK, you learn itthe "hard" way, but it still gives a weird

DavidBalaic

Aug 21,2009


4/40

impression. Was this on purpose?

Note from the Author or Editor:We never intend to create questions thatdepended knowledge external to the

book's content. If this content did notmake it into the book, please accept myapologies. A fix for the lack of contentmust wait until the next edition.

Printed Page 222Question15,AnswerC

AnswerC implies that if I use aServletRequest and ServletContextobtain a RequestDispatcher for aresource, then the path to the resourcewill be different (i.e. will change). Thisis not correct if the argument to both

getRequestDispatcher calls begins with aforward slash, which means relative tothe context root in both cases. It iscorrect to say the paths can be different,but it is not a mandatory condition.

Note from the Author or Editor:Change option C text from "to willchange" to "to may change"


Printed Page 222Question

15,AnswerC

AnswerC implies that if I use aServletRequest and ServletContext

obtain a RequestDispatcher for aresource, then the path to the resourcewill be different (i.e. will change). Thisis not correct if the argument to bothgetRequestDispatcher calls begins with aforward slash, which means relative tothe context root in both cases. It iscorrect to say the paths can be different,but it is not a mandatory condition.Changed option C text from "to willchange" to "to may change" ---------------

-----------------------------------------------------


Printed Page 222Question14Answerfor

HFSJ 2nd Edition Third Indian Reprint2008 I downloaded the Servlet 2.4 api's.Navigate to ServletContext, it doesn't listgetContextPath() as one of the methodsfor ServletContext. So getContextPath

KamalTripathi

Feb 19,2009

Oct 01, 20


5/40

ServletContext

should not be listed againstServletContext.

Note from the Author or Editor:VALID Remove "getContextPath" from

the center cell of this grid.

Printed Page 222answer toquestion14,written"note"

"At this point this shouldn't really aboutmemorization..." should be "At this pointthis shouldn't really be aboutmemorization..."

Note from the Author or Editor:Correct

MichaelAngstadt

Jan 17,2010

Mar 01,2011

Printed Page 239last

question

The answer to question "Is URLrewriting handled in a vendor-specif c

way?" claims, that the use of ; as aseparator is not mandated and that thepresence of the "jsessionid=" is optional.This appear to contradict the servlet specv2.4 chapter 7.1.3. There is says, I quote:The session ID must be encoded as apath parameter in the URL string. Thename of the parameter must bejsessionid. (end quote) Path parametersin URL's are encoded by ";" followed byparameter. So there is not much choice

left, besides;jsessionid= Onthe other hand, the URL/URI RFCs(1738, 2396, 3986) are bit hard to readand one can't be sure if the";pname=pvalue" parameter format isactual defined standard or not. Regards,David

Note from the Author or Editor:Remove the fourth line "And while

Tomcat adds..." from the last paragraphon pg 239.

DavidBalaic

Aug 31,2009

Mar 01,2011

Printed Page 240"Bang"box, 2ndwritten"note"

"Don't do this! It's supposed to be aheader!" should be "Don't do this! It'ssupposed to be a cookie!"


MichaelAngstadt

Jan 17,2010

Mar 01,2011


6/40

Correct

PDF Page 2492ndAnswer's

Result(Lastparagraph) ofChapter 6

IllegalStateException is thrown before itreach the isNew() method on session.Since session.setMaxInactiveInterval(0)

will cause the session invalidatedimmediately, the next line of codesession.getAttribute("foo") method willthrow IllegalStateException before itreach session.isNew() method.

Note from the Author or Editor:VALID Remove the line of code thatreads "String foo = (String)session.getAttribute("foo"); On pg 249:also remove that line

Lee KianGiap

Dec 31,2008

Oct 01, 20

PDF Page 255The lastline of thepage isincomplete, seemsincomplete, likethis 'These'

The last line in my PDF version of thisbook is 'chance to get themselves readyfor access. The se' I check the next page(pg.256), there's no continuation for thelast line in pg. 255, so it seems to me,that there's incomplete sentence in thelast line of pg. 255. Thank you inadvance for checking and correcting thissmall typo (or formatting issue ?).


Drop the last sentence fragment: "These"

Anonymous Mar 16,2009

Oct 01, 20

Printed Page 256Bang boxtitled"You doNOTconfiguresessionbinding

listenersin theDD!

Change the title to "You do NOTconfigure ALL session listeners in theDD!" Change the"HttpSessionActivationListener" to"HttpSessionAttributeListener" in thetext.


Printed Page 256Bang boxtitled"You do

Changed the title to "You do NOTconfigure ALL session listeners in theDD!" Changed the"HttpSessionActivationListener" to



7/40

NOTconfiguresessionbindinglisteners

in theDD!

"HttpSessionAttributeListener" in thetext. --------------------------------------------------------------------

PDF Page 261BeerSessionCounter classexample

This class, as written, isn't thread safe.So, the question is whether or not itshould be thread safe or whether thecontainer provides the guarantee thatlisteners aren't called concurrently.Seems like the example/text needs to beaugmented either way.

Note from the Author or Editor:Correct. Add the keyword 'synchronized'to both methods; like this: publicsynchronized void sessionCreated(...public synchronized voidsessionDestroyed(...

Anonymous Feb 22,2010

Mar 01,2011

Printed Page 264seondrow, lastcolumn(HttpSess

ionActivationListener ->Usuallyimplemented by

The book says thatHttpSessionActivationListener is"usually implemented by" both "Anattribute class" and "Some other class".IMHO the latter answer is wrong. The

listener must not be registered in the DD- only attribute value classes get notified.

Note from the Author or Editor:I agree. O'Reilly: Remove the "crossicon" on the "Some other class" box inthe second row / last column.

Anonymous Sep 26,2008

Mar 01,2011

Printed Page 265Bottom"handwrit

ten" note

"It returns the old value, not the newone." I can't find any definite statementin the spec regarding the result of

HttpSessionBindingEvent.getValue() foreach of the events. But I tested onTomcat 5.5.27, Tomcat 6.0.18 andGlassfish V2 UR2 Final Build. Theresult are consistent for these containersand the statement "returns the old value"is mostly WRONG: attributeAdded():value is new value (rather than old value


Oct 01, 20


8/40

== null) attributeReplaced(): value isalways the NEW value valueUnbound():"this" is always the old value. event'svalue is null iff the attribute has beenreplaced, or the old value if the attribute

has been removed. attributeRemoved():indeed the event's value is the OLDvalue (rather than null) Who the heckshould memorize that? Here's thesequence that I tested(set/removeAttribute statement plusgenerated events):session.setAttribute("dog", new Dog(1)):Dog{no=1}.valueBound:event.getValue()=Dog{no=1}AttributeListener.attributeAdded:

event.getValue()=Dog{no=1}session.setAttribute("dog", new Dog(2)):Dog{no=2}.valueBound:event.getValue()=Dog{no=2}Dog{no=1}.valueUnbound:event.getValue()=nullAttributeListener.attributeReplaced:event.getValue()=Dog{no=2}session.removeAttribute("dog"):Dog{no=2}.valueUnbound:event.getValue()=Dog{no=2}

AttributeListener.attributeRemoved:event.getValue()=Dog{no=2}

Note from the Author or Editor:VALID The spec says "Returns thevalue of the attribute that has beenadded, removed or replaced. If theattribute was added (or bound), this isthe value of the attribute. If the attributewas removed (or unbound), this is thevalue of the removed attribute. If the

attribute was replaced, this is the oldvalue of the attribute." This is about assuccinct as I think it could be said. So...The complete handwritten note shouldbe rewritten as: "The getValue() returnsthe object value of the attribute thattriggered the event. If the attribute wasadded (or bound), this is the value of the


9/40

attribute. If the attribute was removed(or unbound), this is the value of theremoved attribute. If the attribute wasreplaced, this is the old value of theattribute."

SafariBooksOnline

27915 thquestion

For the question no 15, you people havegiven 'A' and 'C' are the correct answers.But in the reality when we try toimplement this scenario(like creating aclass which extendsHttpSessionAttributeListener andanother class which extendsHttpSessionBindingListener.Declaredsession time out in DD then we addedlogs in each Listener class, once session

invalidated after the time specified inDD, the log is showing clearly that it hascalled the sessionDestroyed(),valueUnbound() and alsoattributeRemoved() methods). Thisstates that option 'E' also correct answer.Please check this. Sorry if i'm wrong.

Note from the Author or Editor:This is a little tricky. Yes, it is true thatall attributes are removed when a session

is terminated (and thus theattributeRemoved() method is called); itis not the intent of the question.Likewise, option C should not beselected.

uday kumarmaddigatla

Mar 04,2009

Mar 01,2011

Printed Page 310url-patterntag

The jst-file tag contains "TestInit.jsp"but the url-pattern tag contains"TestInif.jsp", which appears to be atypo.


VALID Change the 12th line of the firstcode example to: /TestInit.jsp

Anonymous May 19,2008

Jul 01, 20

Printed Page 310url-patterntag

Line 12 of code the url-pattern tagcontains "TestInif.jsp", which appears tobe a typo. Changed "TestInif.jsp" to"TestInit.jsp" --------------------------------



10/40

------------------------------------

Printed Page 310Declaration code

exampleat thebottom,5th line

This is invalid code in a JSP:ServletContext ctx =getServletContext(); The spec only

guarantees that the JSP implementationclass implements JspPage which extendsServlet, but _not_ GenericServlet (whichimplements ServletConfig and containsthe implementation ofgetServletContext())." So the correct linewould be ServletContext ctx =sConfig.getServletContext(); (Theoriginal code does indeed work onTomcat, but that's merely animplementation side effect.)

Note from the Author or Editor:VALID Make the recommended change.


Oct 01, 20

PDF Page 337Question4

Does jspInit() have direct acces to theServletContext? The spec it says "Whenmethod is called all the methods inservlet, including get- ServletConfig areavailable". I'm guesing option C shouldnot be correct based on what the specsays

Note from the Author or Editor:This method is only meant to be calledby the container. But I suppose thatsome other method in the JSP *could*call this method, although that wouldcontradict the contract of that method.From a cert-exam perspective Option-Cis not "always correct under allconditions." Rewrite Option-C as "It isonly called once by the Container."


Mar 01,2011

Printed Page 355lastparagraph

The final sentence states, "...the classmust be a subclass...". I know this issplitting hairs, but since were are talkingabout types (e.g. interface), I believe,"...the class must be a subtype...", wouldbe semantically (more) correct.



Jul 01, 20


11/40

MOSTLY VALID, BUT SUBTYPEMIGHT BE A SUB-INTERFACEWHICH IS *NOT* VALID IN THISCONTEXT. Change last sentence to "Sothat means that /class/ must be a

concrete implementation of the /type/."

Printed Page 355lastparagraph

The final sentence states, "...the classmust be a subclass...". I know this issplitting hairs, but since were are talkingabout types (e.g. interface), I believe,"...the class must be a subtype...", wouldbe semantically (more) correct.MOSTLY VALID, BUT SUBTYPEMIGHT BE A SUB-INTERFACEWHICH IS *NOT* VALID IN THISC

ONTEXT.C

hanged last sentence to"So that means that /class/ must be aconcrete implementation of the /type/." --------------------------------------------------------------------


Printed Page 358firstparagraph

The second sentence states there are 3code examples but only 2 examples areprovided.

Note from the Author or Editor:VALID Change "three" to "two" in the

fourth line.


Jul 01, 20

Printed Page 358firstparagraph

The second sentence states there are 3code examples but only 2 examples areprovided. Changed "three" to "two" --------------------------------------------------------------------


Printed,SafariBooksOnline

Page 359Codeexampleat thebottom ofthe pageusingscriptinginside astandardaction

When testing in Eclipse the followingJSP piece: I get the followingerror in the console output:org.apache.jasper.JasperException:/TestBean.jsp(12,58) Attribute value

AbelMorelos

Jan 22,2010

Mar 01,2011


12/40

request.getParameter("username") isquoted with " which must be escapedwhen used within the value In order tofix the error, you need to escape the"username" parameter name, so the

previous code should be:

Note from the Author or Editor:Rewrite the setProperty code like this:

Printed Page 383JSP code,ELexpression

I think the line${pageContent.currentTip} should be${pageContext.currentTip}. Also 3occurences on page 384

Note from the Author or Editor:The 'pageContent' was meant to be a

wrapper object, but the text never madethat clear. Rewrite the third line of codeas: ${currentTip}

Anonymous Aug 15,2010

Mar 01,2011

Printed Page 397paragraphat the topof thepage

It states that the answers to the questionsare printed upside down at the bottom ofthe page. They are not. The answers arelisted on the next page.

Note from the Author or Editor:Right. Remove the last two sentences inthis paragraph.

MichaelAngstadt

Jan 17,2010

Mar 01,2011

Printed Page 412Subheader "TheincludedheaderthatUSES

The page shows a code that uses a jspstandard action to include a file named"Header.jsp", but "Header.jspf" ismentioned in the following subtitle:"The included header that USES the newparam ("Header.jspf")" Remove the

Anonymous Nov 26,2008

Oct 01, 20


13/40

(...)" trailing "f" from "Header.jspf".

Note from the Author or Editor:VALID Delete the 'f' character on theend of "Header.jspf"

PDF Page 420Answerfor thenumber 1exercise

" Name is: Look at this standard action: Whathappens if the servlet code looks like: 1foo.Person p = new foo.Employee();

p.setName(

Evan

);request.setAttribute(person, p);ANSWERS FAILS at request time! Theperson attribute is stored at requestscope, so the tag wontwork since it specifies only a type." Theanswer is wrong since the attribute scopeis defined as request in the. The correct would be"Prints Name is Evan."

Note from the Author or Editor:VALID This exercise has dogged usfrom the beginning. It will be completereplaced in the next edition.


Printed Page 437Question17

Regarding the usage of the dot "."operator, the last comment on page 370states, "If the object is a bean but thenamed property doesn't exist, then asexception is thrown? However, theanswer to question 17 on page 437 doesnot reflect this as being true as 17-C is

not checked.

Note from the Author or Editor:Add a checkmark on Option C



Regarding the usage of the dot "."operator, the last comment on page 370states, "If the object is a bean but the



14/40


15/40

Note from the Author or Editor:This should have been fixed in theprevious re-print; but if not... O'Reilly:the text in the middle box should read"Hello null."

Printed Page 463 "The JSP with the " shouldbe "The JSP with the "

Note from the Author or Editor:Change title of step 1 as described.


Mar 01,2011

Printed Page 475written"note" atthebottom of

the page

It states that the book doesn't cover. This is false. is coveredon p.443-5.


Right you are. We didn't cover the c:outtag in the 1st Edition but added it in the2nd Edition. Rewrite the last statementin the hand-written note as: We alsodidn't cover but that...

MichaelAngstadt

Jan 17,2010

Mar 01,2011

Printed Page 4843rdParagraph

The fourth sentence states "TheContainer could care less...". While Iunderstand this atrocious grammar hasbecome commonplace with lazy-speak,it should be written correctly. This

should be corrected to "The Containercouldn't care less...".

Note from the Author or Editor:OK Start the fourth sentence as "TheContainer couldn't care less..."


Oct 01, 20

Printed Page 4843rdparagraph, 6th-7thlines

"Su could have named the JSTL..."should be "Sun could have named theJSTL..."

Note from the Author or Editor:Correct. Also remove the extraneousspace character on the next line beforethe word "could"

MichaelAngstadt

Jan 17,2010

Mar 01,2011

PDF Page 490diagram

The arrow from"true"

pcchee Apr 16,2009

Mar 01,2011


16/40

should point to "${foo}", not "/>"

Note from the Author or Editor:Correct. O'Reilly: Move the code about 1/8 inch

to the right. Make sure the move thehand-drawn underlines as well.

Printed Page 491& 495Question1, optionD

Option D references tag files whicharen't mentioned until the next chapterand the role of TLDs in Tag files isn'texplored until page 509.

Note from the Author or Editor:VALID Drop Option D here and on pg495.


Oct 01, 20

Printed Page 508Paragraphs 2 & 3

The discussion on scripting in Tag filesis very confusing. The first sentence ofthe third paragraph reads "In fact, TagFile bodies are never allowed to havescripting, so it's not an option." Usingthe term 'Tag File bodies' makes it soundlike you mean you can not use scriptingin the *.tag file, instead of the body ofthe tag reference in the JSP that uses thetag.

Note from the Author or Editor:OK For clarification the first sentence inthe third paragraph should start with "Infact, the bodies of Tag File tags arenever..."


Oct 01, 20

Printed Page 533secondline

(also in PDF) The second line beginswith: areevaluated when A space ismissing: are evaluated

DavidBalaic

Aug 27,2009

Oct 01, 20

Printed Page 5331stparagraph, 2nd line

"areevaluated" should be "are evaluated"

Note from the Author or Editor:Correct - this was fixed in the secondedition.

MichaelAngstadt

Jan 17,2010

Sep 01, 20

Printed Page 565Top ofPage

The chart is labeled "LifecycleMETHODS forClassic tag methods". Ifound this very confusing and the



17/40

instructions were not helpful. It allbecame very clear when I turned thepage and the answer chart was labeled"Lifecycle RETURN VALUES forClassic tag methods".

Note from the Author or Editor:Agreed. In the next printing we shouldprovide the answers for a few of the cellsin the chart as a starting point.

Printed Page 579& 590Question2 OptionE.

jsp:invoke is Option E for Question 2. Ican not find where jsp:invoke ismentioned in the book, especially in

Chapter 10, which is the chapter this testis covering. If it is in the book and I just

missed it, sorry.

Note from the Author or Editor:VALID The jsp:invoke std action is notmentioned in the book so no questionshould refer to it. Drop Option E on thispage and pg 590.


Oct 01, 20

Printed Page 580Line 11 incode ofquestion

no 3

The line 11 in the code in self testquestion 3 of chapter 10 shows int as thereturn type of doTag method while it isvoid. Same mistake on page 591

Note from the Author or Editor:Change on these two pages the "int" into"void" like this: 11. public void doTag()throws JspException, IOException {

Ankit Garg Nov 08,2009

Mar 01,2011

Printed Page 582Chapter10,Question6

Chapter 10 - Question 6 -findAncessorWithClass(). This methodis just barely touched on on page 574,without giving too much more than asignature and a brief description of what

it does. Furthermore, the last sentence onpage 574 states "You will not be testedon any details of usingfindAncessorWithClass(). All you needto know for the exam is that it exists!".Given this, question 6 is pretty detailed.Maybe this question was a leftover from


Mar 01,2011


18/40

the first edition.

Note from the Author or Editor:VALID, the book does not cover thismethod in the level of detail needed for

this question. Drop this item here and onpg 593.

Printed Page 583MockExam,Questions08 and18.

Chapter 10 - Mock Exam - Printedversion. Question 08 - Option B.Question 18 - Option E. It was nevermentioned in the aforementioned chapter(Please correct me if I'm wrong) that thetag files could also have a *.tagxextension, for which reason any readerwould have considered option B

(Question 08) and option E (Question18) as wrong (unless you previously readthe specs before answering bothquestions). This is only brieflymentioned in the next chapter, pages 634y 636. My suggestion would be for page502 to be modified to include thepreviously mentioned annotation whereit says: "Take an included file (like"Header.jsp") and rename it with a .tagextension". This way, the questions can

remain the same. Best regards and thankyou in advance.

Note from the Author or Editor:Good point. O'Reilly: if it will fit (in theupper-right corner on pg 502) add ahand-written note: "You could also usethe tagx file extension; if the content isvalid XML." and include a hand-drawnarrow pointing to the "Header.tag"labeled file icon.

JosnelMaraver

Jun 03,2009

Mar 01,2011

Printed Page 586& 597Question14 OptionE

Chapter 10 - Question 14 - Option E.getAttributesScope("key") is notmentioned in the book. Chapter 8 doeshave a note to visit the API to see thegetters for PageContext, but does notstate that all of the getters should bememorized. In short, the questions in


Oct 01, 20


19/40

this book should only cover informationpresented in this book. The exam is adifferent animal, but book questionsshould only test on book information.

Note from the Author or Editor:VALID Remove Option E from thisquestion here and on pg 597.

Printed Page 588Question19,answersB and D

(also PDF version) Answer B uses thejsp:invoke, the author already said forpage 579: "The jsp:invoke std action isnot mentioned in the book so noquestion should refer to it." Answer Duses the tag, which isalso not mentioned in the book.

Note from the Author or Editor:Right. We will rewrite this question in afuture revision.

DavidBalaic

Aug 28,2009


Question 15 on Page 597 has option Enot checked because it is not the correctanswer. However, it says option E isinvalid becausegetAttributesScope("key") does not existin JspContext. This is WRONG.JspContext does have

getAttributesScope("key"). Although itis an abstract method, the nature of thequestion implies a JspContextimplementer. Only in the previousquestion it says PageContext containsgetAttributesScope("key"). AndPageContext is a subclass of JspContext

Note from the Author or Editor:Correct. Change the comment on OPtionE to "Option E is invalid because this

method retrieves the attribute; it onlytells you which scope it resides."

SuhasWadadekar

Jan 28,2010

Mar 01,2011

Printed Page 6222rdparagraph, line 3

(and PDF) The third line in the secondparagraph and with: configur It shouldbe : configure

DavidBalaic

Aug 28,2009

Oct 01, 20


20/40

Printed Page 6222ndparagraph, 3rd line

"You configur" should be "Youconfigure"

Note from the Author or Editor:Corrrect

MichaelAngstadt

Jan 17,2010

Sep 01, 20

Printed Page 624lastanswer

The book says : Container choice: Whenno files from the arefound, the behavior is vendor-specific.Tomcat shows a directory listing forthe newMember directory (which shows"foo.txt"). AnotherContainer mightshow a 404 Not Found error. That doesnot seem to be true. Tomcat 5.5.28returns a 404 error in this case. (at leaston Windows XP Pro SP3)

Note from the Author or Editor:OK. Let's flip the last two statements as:"Tomcat shows a 404 Not Found error.Another container could show adirectory listing for the newMemberdirectory, which would show the 'foo.txt'file."

DavidBalaic

Aug 28,2009

Mar 01,2011

Printed Page 628handwritten

text

The 2nd paragraph on page 628 says thata "non negative value for " does something, the hand-

written text on the same page makes this"greater than zero", should be greaterthan or equal to zero according to Sunspec. OTOH Bea documentation refersto "positive" values

Note from the Author or Editor:Agreed O'Reilly: Change text to "Anynon-negative number means..."


Mar 01,2011

Printed Page 628

BANGsection

You can read: "(...)And what if there's

more than one servlet with a of 4? The Container loadsservlets with the same value in the orderin which the servlets are declared in theDD." The specs for Servlets 2.4 and 3.0says in sections 13.4 (10 - servletElement) and 14.4 (10 - servlet Element)respectively that: "(...)The container may

Piotr

Nowicki

Jan 16,

2011

Mar 01,

2011


21/40

choose the order of loading of servletswith the same load-on-startup value."

Note from the Author or Editor:Replace the last statement in the

"BANG" box from "The Container loadsservlets..." to "The Container maychoose the order of loading of servletswith the same load-on-startup value."

Printed Page 664handwritten noteadjacentto"SERVL

ET-SPECIFICATION:"

The note says "When it's time forauthorization... information to whatever's it find in your DD's elements." This notemisuses the apostrophe. Actually, it usesthe apostrophe correctly, then

incorrectly, then correctly again. Theplural of is s.

Note from the Author or Editor:OK Rewrite like this: "will map it'svendor-specific "role" information towhatever elements it findsin the DD's elements."

ThomasKennedy

Apr 05,2010

Mar 01,2011

Printed Page 684Bottom

Bottom of page 684: "NOTE: althoughnot guaranteed by the spec, in practicevirtually every Container uses SSL for

guaranteed transport, which means thatboth INTEGRAL and CONFIDENTIALdo the same thingeither one gives youboth confidentiality and integrity. Sinceyou can have only one per ,some people recommend you useCONFIDENTIAL, but again, it willprobably never matter in practice, unlessyou move to a new (and unusual)Container that doesn't use SSL." The last

sentence should be changed to moreclearly indicate that you are talkingabout a container that doesn't use SSLfor guaranteed transport, not a containerthat doesn't use SSL at all. SSL isrequired by the spec, although you don'tmention that specifically anywhere but


Mar 01,2011


22/40

test on it in question 14 on page 834.

Note from the Author or Editor:SURE Change the end of the lastsentence to "to a new Container that

doesn't use SSL for guaranteedtransport."

Printed Page 719BANGsection

In the first sentence you can read:"(...)an example of using a Decoratorpattern (although it is also sometimescalled Wrapper) pattern" The wordpattern is written twice or the second oneis not within the parentheses. I think itshould be more like: "(...)an example ofusing a Decorator pattern (although it is

also sometimes called Wrapper pattern)"or "(...)an example of using a Decoratorpattern (although it is also sometimescalled Wrapper)"

Note from the Author or Editor:Agreed; please put the last "pattern"within the parenthesis.

PedroKowalski

Jan 16,2011

Mar 01,2011

Printed Page 725code forgetOutput

StreamandgetWriter

the if-statements in the accessors checkwhether streamUsed is alreadyinitialized. Now if either method is

called a second time anIllegalStateException will be thrown.From the description it seems that shouldonly happen if both methods are calledand it should be ok to call the samemethod several times. If you change theif statement in getOutputStream to "if(streamUsed != null) && (streamUsed== pw) { throw ..." the behavior will beas described

Note from the Author or Editor:Correct O'Reilly: This requires twochanges. First change the first ifstatement to: if ( (streamUsed != null)&& (streamUsed == pw) ) { Second,change the third if-statement (in thegetWriter method) to: if ( (streamUsed


Mar 01,2011


23/40

!= null) && (streamUsed ==servletGzipOS) ) {

Printed Page 759Code

examplein middle

The code example handles a caughtRemoteExeption by throwing a newC

ustomerException instead. The"handwritten" comment states that thecode is supposed to WRAP the caughtexception in the higher level one. If thatis the case, the RemoteException shouldprobably passed as the constructorparameter of the CustomerException.


Correct. Rewrite the fourth line of codeas: throw new CustomerException(re);

Anonymous Jan 28,2010

Mar 01,2011


The correct answer to question 3 is C -"Composite Delegate". But "CompositeDelegate" is not mentioned anywhere inthe book. Similar for question 2.

Note from the Author or Editor:Right, we should not have a questionthat relies on information outside of thebook. We will replace this question witha new one in the future.

DavidBalaic

Aug 31,2009

Printed Page 793& 829Question3, answerA

Answer A is not correct because theclass does not need to have a sizemember. Is does need to have a settermethod.

Note from the Author or Editor:VALID Rewrite Option A as "The classshould have a setter method calledsetSize." With 'setSize' in bold Courier.Make the same change on pg 829.


Mar 01,2011

Printed Page 794,830Question4

The sample code in question, set theattribute in request scope. Andequivalent code snippet answers aregiven as C & D. But those two answerscreate the attribute in page scope (defaultscope), but not in request scope. scope ='request' is missing in those two answers.


Jul 01, 20


24/40


25/40

Note from the Author or Editor:Change option C to"javax.servlet.OutputStream" andchange option E to"javax.servlet.ServletOutputStream".

These changes make option E valid andoption C invalid, as it should be.


The answers currently referenced are Band E. For E to be correct,ServletOutputStream needs to be in thejavax.servlet package (not java.io). Iwould think answerC is also correctbecause the question asks which types"can be used" and aServletOutputStream is-an

java.io.OutputStream.C

hange optionC

to "javax.servlet.OutputStream" andchange option E to"javax.servlet.ServletOutputStream".These changes make option E valid andoption C invalid, as it should be. --------------------------------------------------------------------


Printed Page 819,855Q55, line

02.

HFSJ 2nd Ed., printed March 2008 Atpage 819 and 855 the lines 02. StringTITLE = "Welcome to my page"; are

wrong, correct are 02. StringGREETING = "Welcome to my page";

Note from the Author or Editor:VALID Change all occurrences of"TITLE" with "GREETING" Also on pg855.


Mar 01,2011

Printed Page 824Answers

There aren't answer for question 66 inFinal Mock Exam.

Note from the Author or Editor:This should have been fixed in theprevious re-print. But if not... O'Reilly:Copy the "options content" on pg 861and paste it at the bottom of pg 824. DONOT COPY the checkmark and hand-write note about the answer.


Mar 01,2011


26/40


There are no answers given.

Note from the Author or Editor:VALID Copy the Options on pg 860 butremove the checkmarks and hand-

written comments to the empty space atthe bottom of pg 824.


Mar 01,2011

Printed Page 830Quesiton4

The sample code in question, set theattribute in request scope. Andequivalent code snippet answers aregiven as C & D. But those two answerscreate the attribute in page scope (defaultscope), but not in request scope. scope ='request' is missing in those two answers.This is correct. The text

[scope="request"] must be added to theopen jsp:useBean tag for *all* options(not just C&D, because this is really aninvariant to the question). Make thischange on pg 794 as well. --------------------------------------------------------------------



Answers are B and E. Option C is alsocorrect, but it's not selected as ananswer.

Note from the Author or Editor:Add a checkmark to option C



Answers are B and E. Option C is alsocorrect, but it's not selected as ananswer. Added a checkmark to option C--------------------------------------------------------------------


Printed Page 832Ques. 8

the question 8 asks which implicit objectcan access attributes fromServletContext the answer given is onlyapplication but option C request can alsoaccess its attributes in this way-request.getSession().getServletContext().getAttribute("name"); So answer shall beC,D


ParthTiwari

Aug 19,2010

Mar 01,2011


27/40

Correct. Please check option C andrewrite the note as: "Option C is correctbecause you can access theServletContext using the HttpSession."


Answers given are A,B,D,E,F But,options B and F should not be correct. -Only one instance of will exist within one tag. The deploymentdescriptor DTD has the followingdefinition for asper servlet spec is - This tag implies that

authorization, data integrity andconfidentiality security features are alldeclared for the wen application. Andnot authentication. Authentication isdeclared using the tag.As per the servlet spec - The login-config element is used to configure theauthentication method that should beused, the realm name that should be usedfor this application, and the attributesthat are needed by the form login

mechanism.

Note from the Author or Editor:Remove the checkmark from options Band F



Answers given are A,B,D,E,F But,options B and F should not be correct. -Only one instance of will exist within one tag. The deploymentdescriptor DTD has the followingdefinition for asper servlet spec is - This tag implies that



28/40

authorization, data integrity andconfidentiality security features are alldeclared for the wen application. Andnot authentication. Authentication isdeclared using the tag.

As per the servlet spec - The login-config element is used to configure theauthentication method that should beused, the realm name that should be usedfor this application, and the attributesthat are needed by the form loginmechanism. Removed the checkmarkfrom options B and F --------------------------------------------------------------------

Printed Page 833Question11,answer B

Answer B states that multiple instancesof can exist within. This is not true.

Note from the Author or Editor:VALID Option B is incorrect and shouldnot be checked.


Sep 01, 20


I could not find that: - The book statesthat a Java EE container must supportHTTP cookies. - The book states that a

Java EE container must support SSL.

Note from the Author or Editor:VALID This question is based oninformation that is not presented in thebook nor is on the SCWCD exam. Itshould be rewritten.


Printed Page 834& 798Question

14 OptionC

Option B: "Java EE containers mustsupport URL rewriting." This option isshown as being false and the following

note "-Option B URL rewriting is almostalways used as the fallback whencookies are not available, but it's NOT arequirement for containers." From thetext: Page 237 URL rewriting:something to fall back on "If the clientwont take cookies, you can use URLrewriting as a backup. Assuming you do


Mar 01,2011


29/40


30/40


According to the servlet spec (7.1.3 URLrewriting), it is almost impossible todisregard URL as a containerrequirement. The spec states: "Thesession ID must be encoded as a path

parameter in the URL string. The nameof the parameter must be jsessionid."Hence answer -B- should be accepted astrue.

Note from the Author or Editor:OKCheck Option B and edit the note as"...is always available as the fallback..."


Mar 01,2011


22

Option A is "Only HTTP GET isidempotent." The answer note states "-

Option A: if a form doesn't explicitlydeclare a method, GET is assumed."This note actually applies to Option B.

Note from the Author or Editor:VALID Change "Option A" to "OptionB" in the note and move it down to pointto Opt B.


Mar 01,2011


Only books.clear(); and books = null;will cause the text within the c:otherwisetag to display. Therefore answers C and

E are correct instead of answers B andD.

Note from the Author or Editor:VALID Instead of B and D, C and Eshould be checked.


Jul 01, 20


The options marked are B and D.Clearly, those two will not satisfy emptyoperators and will execute the codeinside the tag. Shouldn't the

answers be C and E which staisfies theempty operator and hence will executethe code inside tag? thehand written comments correctlymentions that E will satisfy emptyoperator. Instead of B and D, C and Eshould be checked. Placed checkmarksin C & E and deleted checkmarks from



31/40

B & D --------------------------------------------------------------------

Printed Page 841Answers

forquestion26

The wrong answers are ticked for thequestion. The explanations correctly

state that A,B,and D add something tothe list, making it NOT empty. This willcause the 'when' clause to execute andnot the 'otherwise'. Therefore answers Cand E should be ticked not B and D.

Note from the Author or Editor:VALID These options should bechecked: C and E.


Sep 01, 20


30

The followint snipet is from thequestion. 234. 235.

student 236. And the secondsecurity constraint contains: 251. Answer D (the selectedanswer) D: If the second tag is removed, theconstrained resource can be accessed byboth roles. Is wrong and answer F: F: Ifthe second tag isremoved, the constrained resource canbe accessed only by student users. Is the

correct answer. The book is wrong.

Note from the Author or Editor:VALID Remove the checkmark fromOption D and put it on Option F.


Mar 01,2011

PDF Page 844question33

I think E is not correct.. As long as youcall super() at the end of the method, youcan do some general stuff in there.Besides, if the 'servlet' is not anHttpServlet, but a GenericServlet, it

even has to!

Note from the Author or Editor:Agreed. While it is not recommended tooverride the HttpServlet.service method;it certainly can be done. This question ispoorly written and should be replaced.Even Option A is not completely valid;


Mar 01,2011


32/40

although there are extremely few caseswhere you would need a servlet ctor.O'Reilly: For now just remove the checkon Option E.


Answers given are B and D. I agreestructure is valid with index.html beingunder WEB-INF directory.But, since thequestion also asks about changesnecessary to make resources accessible,shouldn't option C also be an answer?THE WORDING OF THE STEMFORCES OPTION C TO BE VALID

Note from the Author or Editor:Add a checkmark to option C. Change

the note for optionC

to "OptionC

:index.html must be outside of the WEB-INF/ directory to be accessible."



Answers given are B and D. I agreestructure is valid with index.html beingunder WEB-INF directory.But, since thequestion also asks about changesnecessary to make resources accessible,shouldn't option C also be an answer?THE WORDING OF THE STEMFORCES OPTION C TO BE VALID

Added a checkmark to option C.Changed the note for option C to"Option C: index.html must be outsideof the WEB-INF/ directory to beaccessible." --------------------------------------------------------------------


Printed Page 846Question37 answerE

Question 37 states: You are tasked withadding several security features to yourcompanys Java EE web application.Specifically, you need to create several

classes of users and based on a usersclass, you need to restrict them to useonly some of the applications pages. Inorder to restrict access, you mustdetermine that users are who they saythey are. Which are true? (Choose allthat apply.) A. If you need to verify thatusers are who they say they are, you


Mar 01,2011


33/40

must use the applications deploymentdescriptor to implement thatrequirement. B. Java EEs authorizationcapabilities should be used to determinethat users are who they say they are. C.

In order to help you determine that usersare who they say they are, you can usethe deployment descriptors tags. D. In order to help youdetermine that users are who they saythey are, you can use the deploymentdescriptors tags. E. Depending on the approach youuse, determining that users are who theysay they are might require including a"realm". Answer E is one of the correct

answers, but the book never discusseshow to include a realm in order toprovide the authentication necessary.Realm is shown in several examples andis defined as an overloaded term insecurity, but nothing is ever discussedabout including realm-name in theweb.xml login-config.

Note from the Author or Editor:Agreed, option E is a vendor-specific

feature and not part of the SCWCDexam and not covered in the book.Remove option E here and on pg 810.

Printed Page 847& 811Question39 -Answer D

The question reads: Given req is areference to a valid HttpServletRequest,and: 13. String[] s = req.getCookies();14. Cookie[] c = req.getCookies(); 15.req.setAttribute("myAttr1", "42"); 16.req.setAttribute("myAttr2", 42); 17.String[] s2 = req.getAttributeNames();18. String[] s3 =req.getParameterValues("attr"); Whichlines of code will not compile? (Chooseall that apply.) A. line 13 B. line 14 C.line 15 D. line 16 E. line 17 F. line 18The soultion says that Answer D is notcorrect. "-Option D: setAttribute() takesa String and an Object, and as of Java 5,


Mar 01,2011


34/40

42 can be boxed to an Object." Whilethis may be true for Java 5, this examdoes not test on Java 5 as noted on pagexxviii of the book: "About the SCWCD(for Java EE 1.5) exam The updated

SCWCD exam is called Sun CertifiedWeb Component Developer for the JavaPlatform, Enterprise Edition 5 (CX-310-083), but dont get confused by thetitle. The updated exam is still designedfor Java EE v1.4 and for the servlet v2.4and JSP v2.0 specifications." Whichmeans autoboxing does not exist andAnswer D IS correct. Line 16 will notcompile.

Note from the Author or Editor:Agreed. Drop option D and line 16 fromthe question here and on pg 811

Printed Page 848& 812Question41

Options C is wrong. It seems to haveback-quote and then single-quote aroundthe word personalChecking. C. Checking that fits your lifestyle.The beginning and ending quotes aresupposed to be the same no matter where

they are nested. It should be single-quoted in both places before and afterthe word personalChecking.

Note from the Author or Editor:Yes, the back-quote should be changedto a single-quote. Furthermore, thereshould be an additional open-paren inthe Java code of the IF-stmt in the stemof the question.

Anonymous Mar 27,2009

Mar 01,2011

Safari

BooksOnline

850

question45

Q45: Given this fragment from a valid

doGet() method: 12. OutputStream os =response.getOutputStream(); 13. byte[]ba = {1,2,3}; 14. os.write(ba); 15.RequestDispatcher rd =request.RequestDispatcher("my.jsp");16. rd.forward(request, response);Assuming that "my.jsp" adds the bytes 4,

Anonymous Sep 07,

2008


35/40

5, and 6 to the response, what is theresult? A. 123 B. 456 C. 123456 D.456123 E. An exception is thrownAnswer according to HF is B: - becauseos.flush() wasnt called, the

uncommitted output (123), is cleared,and forward is invoked withoutexception. If os.flush() had been calledbefore forward, an IllegalStateExceptionwould have been thrown. This is nottrue. The above code will always causean IllegalArgumentException, flushed ornot. The implementation class of the JSPpage will create a PageContext object,which in turn will call getWriter() on theresponse object (to set its out property).

Because the response object alreadycalled getOutputStream(), it will throwan exception.

Note from the Author or Editor:This requires more research and if thereader is correct (I suspect so), then thisitem needs to be rewritten.


45

In line 15 of the shown code, you canread: RequestDispatcher rd =

request.RequestDispatcher("my.jsp"); Iassume, that the "get" in the methodname was lost and it supposed to be:RequestDispatcher rd =request.getRequestDispatcher("my.jsp");

Note from the Author or Editor:Correct. (and on pg 814)

PiotrNowicki

Feb 27,2011


The answers currently referenced are Band E. For E to be correct,ServletOutputStream needs to be in the

javax.servlet package (not java.io). Iwould think answerC is also correctbecause the question asks which types"can be used" and aServletOutputStream is-anjava.io.OutputStream.


Jul 01, 20


36/40


37/40

checkmark to option D --------------------------------------------------------------------

PDF Page 854Question

54

Line 63 could be valid. The questiondoes not say that if IOException is user

defined exception or standard Java IOException (also that's what all theanswer options are, notjava.io.IOException). IOException incould be assumed from the defaultpackage and could be a user definedexception. Therefore the correct answershould be D.

Note from the Author or Editor:I reluctantly agree. This question should

be rewritten for the next Edition. Thewhole structure of the question dependsupon a java.io.IOException beingthrown but it is not clear. Furthermore,there is not "invalid" about the DDsnippet shown so option A is not correct.

Riken Shah Jul 21,2009

Printed Page 857& 821Question60 OptionD

Question 60: When comparing servletinitialization parameters to contextinitialization parameters, which are truefor both? (Choose all that apply.) D.Both can be directly accessed from a

JSP. Option D is marked as not true withthe following explanation: "-Option D:only context params can be directlyaccessed from JSPs." JSP's have a configimpicit object which can be used toaccess the init params for it'sServletConfig.ServletConfig.getInitParameter(String).Option D IS correct as written.


Option D should be rewritten as "Bothcan be directly accessed from a JSPusing the Expression Language." Thischange must also be done on pg 821.


Mar 01,2011

Printed Page 860FinalMock

The annotation on Option C states "Ifnothing else, doFilter() must invokechain.doFilter()". This is not true. You

NigeWheeler

May 05,2010

Mar 01,2011


38/40


39/40

declare? (Choose all that apply.) A. Asingle url tag should declare directory1and a single role tag should declareEXPERT. B. A single url tag shoulddeclare directory2 and a single role tag

should declare EXPERT. C. A single urltag should declare directory1 and asingle role tag should declareBEGINNER. D. A single url tag shoulddeclare directory2 and a single role tagshould declare BEGINNER. E. One urltag should declare ANY and its role tagshould declare EXPERT, and another urltag should declare directory2 and its roletag should declare BEGINNER. F. Oneurl tag should declare both directories,

and its role tag should declare EXPERT,and another url tag should declaredirectory1 and its role tag should declareBEGINNER. None of these will do whatis wanted. Here's why.... Since GET is used,only the GET method will beconstrained. ALL OTHER METHODSWILL BE UNCONSTRAINED, FOREVERYONE. If Option B is chosen,EXPERT will be the only role allowed

to perform GET requests on directory2,but everyone else (BEGINNER &EXPERT) will be able to perform POST,TRACE, PUT, etc. If the question weremore specific in asking what could bedone to prevent BEGINNERs fromperforming GET requests on directory,then Option B would be the correctchoice. As it is written, there are nocorrect answers to this question.

Note from the Author or Editor:Yes, you are right but the intent of thequestion is clear just not explicit. Thelast sentence of the stem should byrewritten as: "If you want to restrictBEGINNERs from retrieving staticresources..." NOT: "If you want torestrict BEGINNERs from using


40/40

resources..." because the word "use" istoo loose.

Printed Page 877and 878

Text from crosswords is cut off.

Note from the Author or Editor:Made changes to ensure all text prints.


Printed Page 877and 878

Text from crosswords was cut off. Madechanges to ensure all text prints.


Documents

Errata for HeadFirstServlet&JSP2nded