Mastering™ JSP™ · 2013. 7. 23. · Acknowledgments Many people made this book possible and I would like to thank first my friends and family. In particular, I thank Charles Mohnike

Mastering™JSP™

Todd Cook

SYBEX®

Mastering

JSP

This page intentionally left blank

San Francisco London

Mastering

™

JSP

™

Todd Cook

Associate Publisher: Richard Mills

Acquisitions and Developmental Editor: Tom Cirtin

Editor: Pat Coleman

Production Editor: Liz Burke

Technical Editor: Robert Castaneda

Book Designer: Maureen Forys, Happenstance Type-O-Rama

Electronic Publishing Specialist: Interactive Composition Corporation

Proofreaders: Laurie O’Connell, Nancy Riddiough, Emily Hsuan, Dave Nash, Yariv Rabinovitch

Indexer: Ann Rogers

CD Coordinator: Dan Mummert

CD Technician: Kevin Ly

Cover Designer: Design Site

Cover Illustrator: Tania Kac, Design Site

Copyright © 2002 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. The author(s) created reusable code in this publication expressly for reuse by readers. Sybex grants readers limited permission to reuse the code found in this publication or its accom-panying CD-ROM so long as the author(s) are attributed in any application containing the reusable code and the code itself is never distributed, posted online by electronic transmission, sold, or commercially exploited as a stand-alone product. Aside from this specific exception concerning reusable code, No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.

Library of Congress Card Number: 2002106563

ISBN: 0-7821-2940-4

SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries.

Screen reproductions produced with FullShot 99. FullShot 99 © 1991–1999 Inbit Incorporated. All rights reserved.FullShot is a trademark of Inbit Incorporated.

Internet screen shot(s) using Microsoft Internet Explorer 5.0 reprinted by permission from Microsoft Corporation.

TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.

The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

Software License Agreement: Terms and Conditions

The media and/or any online materials accompanying this book thatare available now or in the future contain programs and/or text files(the “Software”) to be used in connection with the book. SYBEXhereby grants to you a license to use the Software, subject to the termsthat follow. Your purchase, acceptance, or use of the Software willconstitute your acceptance of such terms.

The Software compilation is the property of SYBEX unless otherwiseindicated and is protected by copyright to SYBEX or other copyrightowner(s) as indicated in the media files (the “Owner(s)”). You arehereby granted a single-user license to use the Software for your per-sonal, noncommercial use only. You may not reproduce, sell, distribute,publish, circulate, or commercially exploit the Software, or any portionthereof, without the written consent of SYBEX and the specificcopyright owner(s) of any component software included on this media.

In the event that the Software or components include specific licenserequirements or end-user agreements, statements of condition, disclaimers,limitations or warranties (“End-User License”), those End-User Licensessupersede the terms and conditions herein as to that particular Softwarecomponent. Your purchase, acceptance, or use of the Software willconstitute your acceptance of such End-User Licenses.

By purchase, use or acceptance of the Software you further agree tocomply with all export laws and regulations of the United States assuch laws and regulations may exist from time to time.

Reusable Code in This Book

The author(s) created reusable code in this publication expressly for reuseby readers. Sybex grants readers limited permission to reuse the codefound in this publication or its accompanying CD-ROM so long as theauthor(s) are attributed in any application containing the reusable codeand the code itself is never distributed, posted online by electronic trans-mission, sold, or commercially exploited as a stand-alone product.

Software Support

Components of the supplemental Software and any offers associated withthem may be supported by the specific Owner(s) of that material, butthey are not supported by SYBEX. Information regarding any availablesupport may be obtained from the Owner(s) using the information pro-vided in the appropriate read.me files or listed elsewhere on the media.

Should the manufacturer(s) or other Owner(s) cease to offer supportor decline to honor any offer, SYBEX bears no responsibility. Thisnotice concerning support for the Software is provided for your infor-mation only. SYBEX is not the agent or principal of the Owner(s),and SYBEX is in no way responsible for providing any support for theSoftware, nor is it liable or responsible for any support provided, ornot provided, by the Owner(s).

Warranty

SYBEX warrants the enclosed media to be free of physical defectsfor a period of ninety (90) days after purchase. The Software is not

available from SYBEX in any other form or media than that enclosedherein or posted to www.sybex.com. If you discover a defect in themedia during this warranty period, you may obtain a replacement ofidentical format at no charge by sending the defective media, postageprepaid, with proof of purchase to:

SYBEX Inc.Product Support Department1151 Marina Village ParkwayAlameda, CA 94501Web: http://www.sybex.com

After the 90-day period, you can obtain replacement media of identi-cal format by sending us the defective disk, proof of purchase, and acheck or money order for $10, payable to SYBEX.

Disclaimer

SYBEX makes no warranty or representation, either expressed orimplied, with respect to the Software or its contents, quality, perfor-mance, merchantability, or fitness for a particular purpose. In no eventwill SYBEX, its distributors, or dealers be liable to you or any other partyfor direct, indirect, special, incidental, consequential, or other damagesarising out of the use of or inability to use the Software or its contentseven if advised of the possibility of such damage. In the event that theSoftware includes an online update feature, SYBEX further disclaims anyobligation to provide this feature for any specific duration other than theinitial posting.

The exclusion of implied warranties is not permitted by somestates. Therefore, the above exclusion may not apply to you. Thiswarranty provides you with specific legal rights; there may be otherrights that you may have that vary from state to state. The pricingof the book with the Software by SYBEX reflects the allocation of riskand limitations on liability contained in this agreement of Terms andConditions.

Shareware Distribution

This Software may contain various programs that are distributed asshareware. Copyright laws apply to both shareware and ordinarycommercial software, and the copyright Owner(s) retains all rights. Ifyou try a shareware program and continue using it, you are expectedto register it. Individual programs differ on details of trial periods,registration, and payment. Please observe the requirements stated inappropriate files.

Copy Protection

The Software in whole or in part may or may not be copy-protectedor encrypted. However, in all cases, reselling or redistributing thesefiles without authorization is expressly forbidden except as specificallyprovided for by the Owner(s) therein.

This book is dedicated to Mackenzie and eager students of Java everywhere.

—Todd Cook

Acknowledgments

Many people made this

book possible and I would like to thank first my friends and family. In particular, I thank Charles Mohnike for his encouragement and wise advice. I thank my agent, Jimmy Vines, of the Vines Agency for his support and seasoned perspective. Bettina Roth, Parag Agarwal, and Matt Madsen also helped by reading chapters, offering helpful advice, and asking questions.

Sybex has an impressive publishing team that works in concert. I would like to thank Tom Cirtin, the acquisitions editor, for his commitment to the project and his belief in my vision for a useful, streamlined, and efficient text. I would like to thank Pat Coleman for her editing skills and watchful eye and Liz Burke, the production editor, who held the project together at the most critical times.

The readers I worked with while writing the chapters helped me to ensure that valuable information and tips were included to help both beginners and seasoned programmers.


Contents at a Glance

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii

Part I • JSP Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Chapter 1

•

Introducing JavaServer Pages and the JSP Environment . . . . . . . . . . . . . 3

Chapter 2

•

HTTP and Servlet Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Chapter 3

•

JSP Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Part II • JSP Application Development. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Chapter 4

•

Using Scripting Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Chapter 5

•

Introducing JavaBeans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Chapter 6

•

Sharing Data: JSP Security, Authentication, and Integrity . . . . . . . . . 153

Chapter 7

•

Database Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Chapter 8

•

Error Handling and Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Chapter 9

•

Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Chapter 10

•

Presenting XML With JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Chapter 11

•

Integrating Legacy Applications: Wrappers and Interfaces . . . . . . . . 319

Chapter 12

•

Integrating Other Extensions and Internationalization . . . . . . . . . . . 357

Part III • Professional JSP Design, Development, and Implementation . . . . . . . . . . . . . 385

Chapter 13

•

Web Application Models and Advanced Architectures . . . . . . . . . . 387

Chapter 14

•

Advanced Database Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . 437

Chapter 15

•

Custom Tags: The Building Blocks of the Java StandardTag Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Chapter 16

•

Enterprise JavaBeans and JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

X

CONTENTS AT A GLANCE

Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579

Appendix A • Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581

Appendix B • JSP and Servlet API References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591

Appendix C • A Java Primer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611

Appendix D • Proposed JSTL API Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623

Appendix E • Web Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .637

Contents

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii

Part I • JSP Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Chapter 1 • Introducing JavaServer Pages and the JSP Environment . . . . . . . . . 3

The Growth of Server-Side Java and JSP’s Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4What Is a JSP Page? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Why Use JSP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Learning JSP: How Hard Is This Going to Be? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Web Programming Languages Compared . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Perl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7ASP (Active Server Pages) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7ColdFusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8PHP: Hypertext Preprocessor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

JSP in Various Server Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Which Java Environment? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Fast-Brewing Java on the Client Side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

What You Need to Get Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Chapter 2 • HTTP and Servlet Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Behaviors and Limitations of HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20The HTTP Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

The

GET

Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21The

HEAD

Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22The

POST

Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23The

PUT

Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23The

DELETE

Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23The

TRACE

Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24The

OPTIONS

Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24HTTP and Servlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Servlet Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26HTTP Access and Variables Available to a Servlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Configurable Servlet Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Property Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37SalaryQuote Servlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39The Advantages of Servlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47What’s New in Servlet Specification 2.3? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Chapter 3 • JSP Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

The Tag Elements of a JSP Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49JSP Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Improved Commenting with JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

XII

CONTENTS

The Anatomy of a JSP Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60The Server Processing of a JSP Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Compiling a JSP Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Reflection: How a JavaServer Engine Interacts with Other Enterprise Components . . . . 64Reflection Explained in Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Server-Side Object Lifespans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Part II • JSP Application Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Chapter 4 • Using Scripting Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Variables in JSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Using Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Declaring Variables and Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Variable Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Understanding Implicit Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Using Flow Control Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Displaying Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

The PrintWriter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Another Kind of Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Working with Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Creating and Displaying Dates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Displaying Military Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Putting It All Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90The JavaBean Code That Supports This Chapter’s Examples . . . . . . . . . . . . . . . . . . . . . . . . 104Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Chapter 5 • Introducing JavaBeans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

An Overview of JavaBeans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117The Development of JavaBeans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118JavaBean Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

JavaBean Design Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122JavaBean Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Naming Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Naming Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Naming Indexed Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Naming Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130Working with Session Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

JavaBean Design Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Reflection: How a JavaServer Engine or an IDE Learns about a JavaBean’s Behavior . . . . . 132Bugs in JavaBeans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Restricting the Generation of HTML within a Bean . . . . . . . . . . . . . . . . . . . . . . . . . . . 133White-Box Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Putting It All Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

CONTENTS

XIII

Chapter 6 • Sharing Data: JSP Security, Authentication, and Integrity . . . . . 153

Sharing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153Using Hidden Fields to Pass Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153Passing Data with URL Rewriting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159Saving and Retrieving Session Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Handling Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167Additional Security Concerns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Recovering Source Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Chapter 7 • Database Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Database Connectivity and JDBC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183How JDBC Starts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Using JDBC: A Simple Product, Account, and Order Application . . . . . . . . . . . . . . . . 187

Connection Pooling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196A Connection Manager Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Improving the Chapter’s Sample Application Using the

Connection Manager and JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Chapter 8 • Error Handling and Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Debugging the User’s Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221“An error? You must be mistaken. We don’t allow that…” . . . . . . . . . . . . . . . . . . . . . . 222Testing, Testing, Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222Updated Help Files: the First Line of Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Types of Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225Syntax Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225Library Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227Dynamic Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228Error Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Dealing with Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229Handling Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229Dealing with Assertions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234Logging Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Chapter 9 • Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Performance: A Usability Perspective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253Informing the User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254User Expectations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254User Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Architecting for Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Optimizing for Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Practical JSP Performance: Problems and Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256Performance Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Benchmarking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

XIV

CONTENTS

Load Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Using Apache Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Chapter 10 • Presenting XML With JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Do I Really Have to Learn XML to Write JSPs? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282What Is XML? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

What Does XML Have to Do with HTML? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283A Simple XML Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286Verifying XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286Using a DTD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Using XML by Itself on the Client Side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290Writing XSL Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

XSL Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293Displaying XML/XSL Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301Generating Flat HTML from XML Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304Data Migration Using XML/XSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Chapter 11 • Integrating Legacy Applications: Wrappers and Interfaces . . . . 319

Java Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319System Call Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

Working with Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343Java Native Interface (JNI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Remote Method Invocation (RMI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Chapter 12 • Integrating Other Extensions and Internationalization . . . . . . . 357

Changing Graphic Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358A Watermarking Applet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358A Servlet-Based Watermarking System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Internationalizing Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Part III • Professional JSP Design, Development, and Implementation . . . . . . . . . . . . . 385

Chapter 13 • Web Application Models and Advanced Architectures . . . . . . . . 387

Some Helpful Application Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388An Improved Connection Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388The DBConnection Properties File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393An Improved

PropStore

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393Dynamic Authentication: Handling Roles, Permissions, and Access . . . . . . . . . . . . . . . . . . . 398

UserAuth

: A Dynamic Authentication JavaBean . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399Authentication Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

MVC Using JSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409The Director JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410The Sample JSP-MVC Application with Dynamic Authentication . . . . . . . . . . . . . . . . 418

CONTENTS

XV

Constructing an MVC Using a Controlling Servlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435

Chapter 14 • Advanced Database Programming . . . . . . . . . . . . . . . . . . . . . . . . 437

Problems with

java.sql.Connection

and

java.sql.ResultSet

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437

RowSet

: The JDBC 2.

x

Solution to

ResultSet

Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

DittoResultSet

—A Robust, Simple Replacement for

java.sql.ResultSet

. . . . . . . . . . . . . . . . . . . . . 448Moving Data Access Away from the Presentation Layer:

A Quiz Application Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456A QuizBean . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465JSPs Supporting the Quiz Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Chapter 15 • Custom Tags: The Building Blocks of the Java StandardTag Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Why Use Custom Tags? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476The Tag Interface and Its Implementations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476Creating a Simple Custom Tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

Building the Tag Library Descriptor File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480Potential Pitfalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Transforming a Block of Text with a

BodyTag

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483Preventing Errors with a Validation Tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493A Potential Problem with Custom Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500Overview of the Java Standard Tag Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502

Chapter 16 • Enterprise JavaBeans and JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

An Overview of EJB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504Session Bean Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504Entity Bean Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504Using an Entity Bean to Abstract the Data Access Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504A Database-Driven Framework for Abstracting Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . 513Removing Data Access and Manipulation Code Using the

AbstractedQueryAccess

Class . . . . . 516A Simple Entity Bean for Query Access with Read, Write, and Create Functions . . . . . . . . 546

TQueryStoreBean—The Entity Bean . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549Testing an EJB Using a Standalone Test Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557

Using JBoss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573Installing and Setting Up JBoss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573Deploying with JBoss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573Referencing an EJB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577

Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579

Appendix A • Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581

Installing the Java Software Development Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581

XVI

CONTENTS

Installing a JSP/Servlet Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581Deploying JSP Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583

Appendix B • JSP and Servlet API References. . . . . . . . . . . . . . . . . . . . . . . . . . . 591

Commonly Inherited Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591The

javax.servlet

Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591

Appendix C • A Java Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611

Classes and Compilation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611Packaging Web Applications: Creating and Reading Java Archives . . . . . . . . . . . . . . . . . . . 614A Quick Tour of Common Constructions and Idioms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617

Appendix D • Proposed JSTL API Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623

C—Core Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623FMT—Formatting Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627X—XML Validation Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 630sql—SQL Database Access and Presentation Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 633

Appendix E • Web Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .637

Introduction

These days employees are

being asked to do more work and take on more responsibilities than before. In many cases, versatility has become as important as productivity. This trend has affected every corner of industry, and now even regular employees are being asked to cross over and support specialized domains.

Demand has also increased for server-side web programming. More and more I’m being asked to provide instructions and tutorials on the basics of web programming and server-side development for employees from all areas, including C

++

programmers, system administrators, programmer analysts, biochemists, and other fields. There’s no reason these people can’t learn about web programming and JSP (JavaServer Pages) and succeed in extending their skills. The more productive and versatile an employee is, the more indispensable the employee can be for a company.

The Web is more prevalent than before, and it’s become an integral part of many businesses that don’t even have an open presence on the World Wide Web. More people are comfortable learning HTML (Hypertext Markup Language) and JavaScript to construct basic pages for their work and recreation. People from all areas are interested in expanding their skills to include web programming. Now, with the introduction of Tomcat 4, users can set up and run a JavaServer-enabled web server with virtually one mouse click (after unzipping the files). And with JBoss, an enterprising developer can run a full-fledged Java 2 Enterprise Server right on a desktop computer.

Unfortunately, many books on server-side development are not properly geared for easing the transition from casual HTML coding to server-side development. We wrote this book to help begin-ning and mid-level programmers with some familiarity with HTML, JavaScript, and Java grow to be competent server-side developers. The newer breed of workers often does not have the time to return to classes for a thorough computer science education. Although additional education is always a good idea, often mature students retain more information after they have been exposed to practical examples. That’s one of the beautiful aspects of JSP: it’s centered in the Presentation layer, so it provides imme-diate results, but it can allow developers to build and access Java objects and architectures of infinite complexity.

To educate casual users worried about the new demands of their jobs, and to teach seasoned Java programmers something about building a successful and responsible Presentation layer, this book focuses on preparing professional JSP web applications:

◆

Real-world examples are used whenever possible. This book contains no useless “Hello World” code.

◆

Standard Java classes are used as much as possible. All the examples compile cleanly and in most cases can be run independently of the other chapter examples. There are no mystery classes, and the source code for all the classes is readily available on the CD-ROM.

◆

The sample applications are thoroughly documented and commented. The code listings are formatted to encourage the reader to examine and read through the code. Part of becoming a good developer is being able to read source code and comments to get an understanding of what the code is doing before running it or stepping through the code with a debugger.

◆

Questions are raised, and solutions are provided, but you are encouraged to weigh the pros and cons and come to the proper decision for your situation. Success in the real world doesn’t come from pat, easy answers, but more often from careful deliberation and decisive action.

XVIII

INTRODUCTION

How This Book Is Organized

In this book, Chapter 1 introduces JSP and Servlets, the work environment, and it compares JSP with some of the other competing web-programming technologies.

Chapter 2 examines HTTP and discusses how web pages interact with servers. Servlets are intro-duced and used to show how you can build programs by reacting to HTTP (Hypertext Transfer Protocol) client requests. An example shows how you can dynamically configure a servlet , making it easier to work with and maintain.

Chapter 3 focuses on JSP processing and how a JSP is built from predefined tags, much like HTML. Scriptlet tags, which allow Java code to be inserted into JSPs, are also introduced and explained with a wealth of examples. The chapter also covers reflection and class introspection, two important concepts for understanding how Java classes interact on the server side.

Chapter 4 shows how scripting elements map the basic interactions between a JSP and Java classes. The concept of JavaBeans is gently introduced, leading to its full explanation in the next chapter.

Chapter 5 thoroughly explains how JavaBeans are created and how they interact with JSPs to reuse code and reduce page clutter. The chapter illustrates the use of JavaBeans with a sample application that allows a user to customize and set preferences.

Every application should implement some form of security or protection against corruption. Chapter 6 addresses some of the security issues of sharing data between pages. It also discusses authentication and gives some general points on security.

Chapter 7 shows how to access a database using JDBC (Java Database Connectivity). The chapter also covers techniques for presenting data and basic connection pooling. A sample application is built to illustrate basic SQL database interactions.

Chapter 8 addresses the issues of error handling and debugging. The chapter emphasizes the user’s experience, testing, and how to properly communicate error conditions to users. The chapter docu-ments the types of errors encountered while developing JSPs. It also explains exceptions, structured exception handling, and assertions, a new feature starting with Java 1.4. It looks at the methods for logging errors and redirecting output. A sample JSP and a servlet web application show how you can troubleshoot applications by scanning large log files.

Chapter 9 discusses how to measure performance and how to communicate performance expec-tations to users. The chapter also covers designing for performance, optimizing, self-testing, and stress testing.

Chapter 10 describes how to present XML (Extensible Markup Language) documents using JSP. XML can be a complicated subject, so we break it into several stages: understanding XML, displaying XML using CSS (Cascading Style Sheets), writing XSL (Extensible Stylesheet Language) templates, displaying XML with XSL references, generating HTML from XML and XSL, and migrating data with XML/XSL. A working XML application completes the chapter.

Chapter 11 addresses how you can use JSP to integrate legacy applications. The chapter covers writing Java wrappers and system call wrappers and discusses some of the common languages used for wrapping calls. It presents a simple program wrapper and guidelines and tips for writing and using larger-scale wrappers. The chapter also gives explanations and examples for working with interfaces, such as JNI (Java Native Interface) and RMI (Remote Method Invocation). RMI is the foundation of EJB (Enterprise JavaBeans) the subject of the last chapter.

INTRODUCTION

XIX

Chapter 12 shows how you can integrate Java extensions with JSP. The chapter covers changing graphic displays using the JAI (Java Advanced Imaging) extensions, and generating custom graphics with the Java 2D API (applications programming interface). The chapter also shows how Java supports internationalization and localization.

Chapter 13 explains the Model-View-Controller (MVC) web application framework and shows how you can implement it using a JSP or a servlet-based controller. The chapter also introduces some helpful utility classes for deploying applications in the real world. A working database application example shows one way of implementing dynamic authentication and handling roles, permissions, and access.

Chapter 14 describes some common problems and provides some possible solutions for working with databases. The chapter explains some potential problems that JSP developers might have with the

ResultSet

class, and provides two possible solutions. The chapter also presents some strategies for moving data access away from the Presentation layer, which is illustrated by a working database quiz application.

Predefined JSP tags do most of the work in constructing JSPs. Fortunately, the JSP architecture is flexible enough that it allows developers to create their own custom tags. Chapter 15 shows how to build and use custom tags. It explains tag interfaces and walks users through building and using the basic types of custom tags. The chapter concludes with an overview of the new JSTL (Java Standard Template Library).

Chapter 16 shows how JSPs can interact with EJBs (Enterprise JavaBeans). The chapter also pre-sents strategies for removing data interaction code, and the example applications show a database-driven framework for abstracting SQL queries. Data abstraction is carried a step further using an EJB Entity Bean. EJB testing and development is encouraged by using the open-source J2EE server JBoss.

Appendix A contains information on setting up the Tomcat JavaServer, MySQL database, and the JBoss J2EE server. Appendix B covers the JSP and Servlet API. Appendix C contains a Java primer that serves as a refresher on using the tools for compiling and packaging Java programs. These are the two most commonly used skills required by anyone interested in JavaServer programming. Unfortu-nately, most Java books do not adequately document the compilation and packaging processes. The primer also explains some of the common constructions found in the text. Appendix D covers the proposed JSTL API, and Appendix E lists helpful resources you’ll find on the Web.

The CD contains two directories: software and setup. The software directory contains installation files for: Tomcat, Jboss, MySQL, JODE, Jbuilder, Struts, and mm.mySQL Driver. The SRC directory contains packaged war files that you need to install inside the Tomcat

webapps

directory.I hope you enjoy the book. You can send me a question or a comment by e-mailing me at

[email protected]

.


Part

I

JSP Basics

In this section:

◆

Chapter 1: Introducing JavaServer Pages and the JSP Environment

◆

Chapter 2: HTTP and Servlet Basics

◆

Chapter 3: JSP Processing


Chapter 1

Introducing JavaServer Pages and the JSP Environment

In the early days

of the Web (1995), a lot of web pages were black text on a light gray back-ground with maybe a color logo. Then Java applets appeared. They became popular and quickly spread around the world because they attracted the viewer’s eye. Providing information took second place to providing users with entertainment. Quickly new technologies such as Flash and ActiveX and updated scripting languages such as VBScript and JavaScript jockeyed to provide dynamic presentations. However, none of the “eye candy” replacements had the Java advantage: platform inde-pendence. This advantage would later make a crucial difference in the proliferation and adoption of Java as the preferred server-side solution, and eventually it was decided that JavaServer Pages would be the official format for presenting enterprise Java on the Web.

In this chapter, we’ll discuss the role of JSP and its advantages, and we’ll compare JSP with similar technologies. We’ll also present an overview of web programming as a background for learning JSP. We’ll look at several of the available web server environments for JavaServer engines, and last we’ll look at some of the client-side Integrated Development Environments (IDEs) useful for developing JSP pages. The examples in this book will use the Tomcat Java server. (For Tomcat setup instruc-tions, see Appendix A.)

Featured in this chapter:

◆

Web programming overview

◆

Background for learning JSP

◆

The various web server environments

◆

Client-side IDEs

4 C

HAPTER

1

INTRODUCING JAVASERVER PAGES AND THE JSP ENVIRONMENT

The Growth of Server-Side Java and JSP’s Role

From the beginning, Java’s marketing mantra was “write once, run anywhere,” and properly written, Java could be labeled 100 percent pure Java—meaning that it could run on any platform with a Java virtual machine. Of course, poorly written code might only run on one operating system, if it ran at all.

Platform independence is an important feature of Java, and it has helped establish Java as a standard language that can unify all the operating systems serving pages to the World Wide Web. Although supporting plurality is important, statistically the Web is served overwhelmingly by Apache web servers running on Unix, or *nix.

Note

The abbreviation *nix is often used to refer to the many flavors of Unix, for example, HP Unix, SGI Irix,Linux, Sun Solaris Unix, FreeBSD, and so on. For a long list, go to

www.ugu.com

.

Note

Apache is an open-source web server, one of the most common in the world. Developed by the Apache SoftwareFoundation, it has been around since 1995. The Apache Software Foundation also provides support for the Jakartaprojects, all written in Java, with Tomcat being the foundation’s implementation of the JavaServer and JSP specification.

With such a large variety of web server operating systems, the “write once, run anywhere” mantra becomes more than a marketing buzzword—it’s a necessity. Also the creators and owners of Java, Sun Microsystems implement the Java environment on Unix (Solaris source code is available), whereas the Microsoft Windows Java environment has to function on top of the “black box” of the windows code. Fortunately, virtually all Java implementations have smoothed out their inconsistencies, so Java is now a stable, enterprise-ready environment. You can see why a Java environment is the natural choice for a majority of web servers.

What Is a JSP Page?

A JSP page is an HTML web page that has been enhanced by the addition of special tags and Java code, both of which are used by the web server and the JavaServer Engine to create a page for a client’s web browser.

Note

JavaServer Pages (JSP) is a server-side programming language. The raw Java/JSP code never reaches the client.Java can be used on the client side in the form of applets, or applications installed on the desktop.

Warning

The closest client-side scripting language is probably JavaScript. But JavaScript is not Java!

The JavaServer Engine strips out the special tags and Java source code and uses the code to inter-pret and create the page that the web server sends out; no Java code is actually sent to the client. Thus, any web browser with or without Java installed can use a JSP application! The JSP page is actually compiled into a servlet on the Java-enabled web server; thus to serve out JSP pages, a web server must have a JavaServer Engine installed or provide this functionality. Later in this chapter, we’ll look at different JavaServer Engines and JSP development environments.

Server-side Java was a late entry to the game; servlets only became possible with the release of Java 1.2. A

servlet

is a Java program that runs only on a Java-enabled web server servlet container. A

servlet container

is a JavaServer Engine that can host servlets and JSP pages. For example, Apache’s

THE GROWTH OF SERVER-SIDE JAVA AND JSP’S ROLE

5

Tomcat is a servlet container. A servlet is designed to run only on a web server inside a servlet con-tainer; you cannot run a servlet as a standalone application or in a browser window, but a browser can send requests and receive responses from a servlet.

A servlet receives a request, processes some information, and returns a result. That may sound vague, but it has to be said that way because servlets have a certain quality of vague flexibility. For example, you could design an application so that a client could request information about a race horse. One servlet could then return the statistics, while another servlet could return a picture of the horse. Another servlet might call the database to record the popularity of the horse and check the client’s connection speed. If the client happens to have a small screen or a slow connection, another servlet could pass the information on to an image-formatting servlet, which would then return the final processed page. Servlets can be chained together so that they go far beyond the typical web paradigm of one page request returning one page view.

HTTP servlets behave similarly to CGI programs: they accept raw input from a client’s browser, process the data, and return a result. The idea was that they could provide additional functionality at a crucial stage. For example, using regular HTML, a website can direct users to a selection of prod-ucts, cache the selections (albeit somewhat awkwardly), send the user to an order submit page, process the final order by checking the parameters, call a database to log a charge against the customer’s account, and remove the item(s) from inventory.

CGI programs were written in the C programming language, whereas servlets take advantage of Java’s structured exception handling. As you will see, the JSP environment has further improved the handling of errors. Beyond mimicking the behavior of CGI programs, Java servlets added Session and Servlet Context objects. We’ll look at these in depth in Chapter 2.

Why Use JSP?

The following are some of the advantages associated with JSP:

◆

JSP encourages platform independence: conscientiously written code can be

written once, run anywhere.

◆

JSP is the preferred Presentation layer for enterprise services.

◆

JSP provides stability by allowing developers to use and integrate established, thoroughly tested Java code.

◆

JSP can encourage a clean separation of the Data layer from the Presentation layer of an application.

◆

JSP’s seamless integration with the Java2 Enterprise Edition services encourages the develop-ment of extended architectures, not just a series of web pages linked together.

In addition to serving JSP pages, the JavaServer Engine provides functionality and memory for creating objects that persist across the user’s session state. Thus, a user can visit a page, begin an order, look at some unrelated pages, perhaps browse through similar products—with the JavaServer Engine patiently holding onto the user’s shopping cart selections—and then return to complete the order. All the behind-the-scenes caching of the user selections happens without extra code. Numerous time-savers and opportunities for code reuse make JSP popular for developers, especially compared with the options.

6 C

HAPTER

1


Learning JSP: How Hard Is This Going to Be?

From our experience of observing and teaching people new to JSP, we have found that given enough enthusiasm and effort anyone can become proficient in JSP and web programming. Different back-grounds, however, present different challenges.

Getting into JSP with a Background in HTML

Coming from an HTML background centers the developer on the user’s experience. HTML coders usually know what works for users, and usually they can give a fair estimate of what’s possible and how long it will take. The danger is that they might get hypnotized by flashy graphics instead of getting their application to talk to the database.

The most difficult part for someone with heavy HTML experience is that Java is not JavaScript; although many features of the languages are similar, they are two different languages. The challenge depends on how much Java you want to learn. Just enough Java to create good JSP pages is within ready grasp; proficiency in the fine points of graphic user components, for example GUI applets that enhance a JSP, will take longer. Depending on your situation and needs, the learning curve may not be a great barrier; the more complex features of Java and JSP are getting easier to use all the time through pre-packaged JavaBeans, Java classes, and JSP tag libraries. We’ll look at these technologies in depth in the coming chapters.

Getting into JSP with a Background in C/C++ or Java Application Programming

Sooner or later, every application programmer longs to put up a web page or even get a web page to run their program. This desire arises because the web is everywhere and because these days HTML documentation of source code is a standard feature of many tools. For example, javadoc, a program bundled with the Java Development Kit (JDK), produces hyperlinked HTML files from Java source code. Many other IDE vendors have followed suit, adding this functionality to generate HTML road maps in C, C++, and other languages.

The most difficult part for application programmers is remembering and understanding the end user. This viewpoint is deceptively simple, and many engineers often quickly forget that a web application lives or dies by the user’s approval. In a way, it’s not surprising that they don’t put the user first because until recently university computer science courses often didn’t give due emphasis to designing for end users.

Many companies deal with this apparent skills gap by including a graphic artist and sometimes a creative director on a project team. This approach is a good management technique for remedying imbalances; however, it’s far more efficient to anticipate the problems and deal with them at the source. The more you understand, the more you will be valued as a developer. Although there may be a practical limit on how much technical knowledge you want to acquire, interpersonal understanding—such as the insight into what users want in a web page form and how they want to be able to find help—will often play a more important role in projects and promotions than technical know-how.

Many books can help you understand the sometimes inscrutable demands of users and managers. We recommend

Designing Web Usability

,

by Jakob Nielsen (New Riders Publishing, 1999), for excellent insights and more than common sense, and

The Inmates Are Running the Asylum

,

by Alan Cooper (Sams, 1999), for a detailed look at how to harmonize software design and user needs.

WEB PROGRAMMING LANGUAGES COMPARED

7

Web Programming Languages Compared

As the web has grown, the demand for flexible ways to design it has only increased. Web program-ming languages have made difficult tasks easier and turned impossible ideas into attainable goals. In this section, we’ll look at some of these languages. We’ll point out their advantages and disadvantages and, as appropriate, discuss the advantage of using JSP instead of one of these languages.

Perl

Perl (Practical Extraction and Report Language) handles the processing and formatting of text excep-tionally well. It can be expanded by the use of modules of code and is supported by many operating systems.

CGI (Common Gateway Interface) is the use of Perl in a web server environment. Perl can be resource expensive because there’s no built-in functionality for sharing application resources, for example, session tracking, database connection pooling, and so on. CGI/Perl has limited error-handling capabilities. The Web was first programmed with CGI scripts, and Perl remains largely procedural, which is excellent for simple tasks but poses special problems for code reuse. Often Perl is difficult to learn because of its many idiosyncratic language constructions.

The JSP advantage over Perl is that JSP provides special, customized error handling, which we’ll look at in detail in Chapters 4 and 8.

ASP (Active Server Pages)

ASP is a scripting language similar to JSP that provides native support for documents created with Microsoft products, for example, an Excel spreadsheet. ASP is proprietary, however, and runs only on Windows web servers.

Note

Some software companies have/are developing ASP engines/interpreters for non-Windows platforms; however,developers must nevertheless be proficient in the proprietary Microsoft languages. VBScript, C#, and Microsoft’s ASPframework leave significant portions of the architecture components in limbo. ActiveX data objects, COM (ComponentObject Model) DLLs, and COM servers must be served up from a Windows Registry and a Service Control Manager(SCM).

Both ASP and IIS (Internet Information Services), Microsoft’s web server, rely on the COM/COM+ enterprise application framework being hosted on Microsoft servers. This arrangement can limit the flexibility of an application as it places demands on a business’s hardware and software choices.

The advantage of using JSP rather than ASP is that JSP is cross-platform ready, without any func-tionality being crippled. JSP’s backbone Java architecture allows supporting components to be dis-tributed in source form or near equivalents, allowing greater user-ownership of the product and the potential for more thorough debugging (the source can be decompiled); whereas ActiveX and the COM/COM+ architecture models aim to produced discreet “black boxes” of software tied to a Windows machine.

8 C

HAPTER

1


ColdFusion

ColdFusion is fairly unique among web application tools because it uses a tag-based scripting lan-guage. When you view the source files of an application created in ColdFusion, you see tag sets that behave much the same as HTML tags. Thus, ColdFusion has an edge in projects in which program-mers and graphic designers collaborate. Programmers can build some fairly sophisticated web appli-cations that nevertheless allow designers to find their way around the tag-based source code even if they aren’t familiar with programming. ColdFusion is also extensible, meaning that if you find a task it can’t handle, you can create a solution with another programming language such as Perl or C and then seamlessly integrate it with ColdFusion.

ColdFusion’s tag-based language may also be its biggest drawback. Although the tags provide shortcuts to common programming tasks, they can also create unwieldy code that’s difficult for anyone but the original programmer to troubleshoot. Also, unlike many of the tools described here, ColdFusion Server is an application that must be purchased and installed in conjunction with your existing web server. Many web-hosting services support ColdFusion, but you can expect higher monthly rates.

PHP: Hypertext Preprocessor

PHP is an open-source scripting language, and as such it has the potential to change faster; individuals can participate in the development and maturation of the language.

PHP is a late entry in the arena of web server programming languages. It has an unusual scripting syntax, which is a mix of Perl, C++, and Java. Although PHP was originally designed for small sites, it’s now striving to grow and achieve speed and efficiency. Many web programmers select PHP because a number of free, open-source portal and bulletin board software modules are available.

JSP has an advantage in that its underlying language is Java, one of the world’s most popular programming languages. PHP’s language is powerful, but many managers and companies may be discouraged from using PHP because it can be more difficult to find developers and support personnel to write and maintain the code.

JSP in Various Server Environments

JSP can’t be run standalone for a couple of reasons, but for each reason JSP gains an advantage:

◆

JSP pages must be compiled before they are served. The JSP source files are changed from ASCII text into Java byte code, which speeds up their execution and allows the web server to cache them in memory.

Note

The only disadvantage of the compiling and caching mechanism is that, in most cases, during debugging, a devel-oper must stop the web server, manually delete the compiled pages, upload the new source files, and restart the web server.Otherwise, the old JSP pages will be served up, often even in the presence of newer source files!

◆

JSP pages run inside a servlet container that is usually part of a larger JavaServer Engine. That engine is usually part of a larger J2EE architecture. Because JSP pages must be hosted by a JavaServer Engine, they are always ready to integrate with other J2EE services as they come online.

JSP IN VARIOUS SERVER ENVIRONMENTS

9

Which Java Environment?

Now that you need a JavaServer environment, which one is best? Well that depends. At most companies, the Java environment is decided for you by issues of cost, availability of support, and the experiences of other developers and managers. However, because you might be called on to give an educated evaluation, and because you might have to work with one or more of these systems, it’s important to learn their names and something about their features.

Tomcat

Tomcat (see Figure 1.1) is the Java Servlet container implementation for the Java Servlet specification and the JavaServer Pages specification. It’s different from the other Java environments described here in that by itself it doesn’t provide all the features of a Sun-certified J2EE environment. Regardless, Tomcat has been and will continue to be the backbone of Java development.

F

IGURE

1.1

Tomcat JavaServer Engine at startup in a console window

What Is J2EE?

J2EE (officially, Java 2 Platform, Enterprise Edition) is a set of standards that allows for a unified back endfor business architecture, including the following services:

◆

Middleware: EJB (Enterprise JavaBeans) and JMS (Java Message Service)

◆

Data management: JDBC (Java Database Connectivity) and the extensions that some database ven-dors provide in their JDBC drivers

◆

Transactions: JTS (Java Transaction Service)

◆

Directory services: JNDI (Java Naming and Directory Interface)

◆

Presentation layer: servlets and JSP

The items in this list account for the information management needs of most businesses. Indeed, thescope of J2EE is so large that most people specialize in a particular area. Sections of the rest of this book willdeal with two of the major services, EJB and JDBC.