1 Define head and root elements
The deployment descriptor file is like all XML files must start with an XML header. This header declares can use the XML version and give the character encoding of the file.
DOCYTPE declaration must immediately appear after this header. This declaration tells the server to which the version of the servlet specification (such as 2.2 or 2.3) is specified and specifying the DTD (Document Type Definition, document type definition) of the syntax of this file.
The top (root) element of all deployment descriptor files is a web-app. Note that XML elements are unlike HTML, they are sensitive. Therefore, both web-app and web-app are illegal, and the web-app must be written.
2 deploy the order of element in the descriptor file
The XML element is not only sensitive, but they are also sensitive to the order in other elements. For example, the XML head must be the first item in the file, and the DOCTYPE statement must be the second item, and the web-app element must be a third item. In the web-app element, the order of the elements is also important. The server is not necessarily forced to require this order, but they allow (actually some servers doing this) completely refuse to perform web applications that contain elements in order incorrect. This means that the Web.xml file used in the order of the non-standard element is unmistable.
The following list gives all the order necessary for all legitimate elements that can appear in the web-app element. For example, this list Description servlet elements must appear before all servlet-mapping elements. Please note that all of these elements are optional. Therefore, a certain element can be omitted, but it cannot be placed in an incorrect position.
l icon icon elements indicate that the IDE and GUI tools are used to represent one and two image files of the web application.
l Display-name Display-Name element provides a GUI tool that may be used to mark a name for this particular web application.
The L Description Description element gives an illustrative text associated with this.
l Context-param context-param element declares initialization parameters within the application range.
l Filter filter elements Associate a name with a class that implements the Javax.Servlet.Filter interface.
l Filter-Mapping Once a filter is named, use the filter-mapping element to associate it with one or more servlets or JSP pages.
l Listener Servlet API version 2.3 adds support for event listeners, and event listeners are notified when establishing, modifying, and deleting sessions or servlet environments. The Listener element indicates the event listener class.
l Servlet When you set an initialization parameter or a custom URL to the servlet or JSP page, you must first name the servlet or JSP page. The servlet element is used to complete this task.
l Servlet-Mapping Server typically provides a default URL for servlet:
HTTP: // Host / WebAppprefix / servlet / servletname. However, this URL is often changed so that servlets can access initialization parameters or more easily handle relative URLs. Using servlet-mapping elements when changing the default URL.
l Session-config If a session is not accessed for a certain period of time, the server can discard it to save memory. The timeout value of a single session object can be explicitly set by using the HttpSession's setMaxinactiveInterVal method, or the default timeout value can be used to use the session-config element.
l Mime-mapping If the web application has a special file, I hope to guarantee the assigned MIME type, then the mime-mapping element provides this guarantee.
l Welcom-file-list welcome-file-list element indicates which file when receiving a directory name instead of a file name instead of a file name. l Error-Page Error-Page element allows the page that will be displayed when the particular type of abnormality is returned, or when the particular type of exception is thrown.
l Taglib Taglib Elements Specify an alias for tag libraryu descriptor file. This feature allows you to change the location of the TLD file without editing the JSP page using these files.
l Resource-Env-Ref Resource-Env-Ref element declares a management object related to the resource.
l Resource-Ref Resource-Ref element declares an external resource used by a resource factory.
l Security-constraint security-constraint Elements Develop the URL that should be protected. It uses the login-config element
l login-config Use the login-config element to specify how the server authorizes the user authorization to access the protected page. It is used in combination with the Sercurity-Constraint element.
l Security-role security-role elements give a list of secure roles that will appear in the Role-Name sub-elements of the security-role-ref elementality within the servlet element. Declaration of the role separately makes advanced IDE processing security information easier.
l Env-entry env-entry elements declare the environment item of the web application.
l EJB-REF EJB-REF Elements Declare a reference to the primary directory of an EJB.
l Ejb-local-ref ejb-local-ref element declares an application of an EJB local host directory.
3 Assign names and customized UL
One of the most common tasks completed in Web.xml is to give the servlet or JSP page to the name and custom URL. Use the servlet element to associate the custom URL with the just assigned name using the servlet-mapping element.
3.1 Assign name
In order to provide initialization parameters, define a custom URL or assign a security role to the servlet or JSP page, you must first give the servlet or JSP page a name. A name can be assigned via the servlet element. The most common formats include servlet-name and servlet-Class sub-elements (within the web-app element), as shown below:
test
moreservlets.testServlet
This means that servlets in Web-INF / CLASSERVLET have been registered TEST. It has two main meanings to servlet a name. First, initialize the parameters, custom URL mode, and other customizations this registration name rather than the class name references this servlet. Second, this name can be used in the URL instead of the class name. Therefore, using the definition just given, the URL
http: // host / webapprew / servlet / test can be used in http: //host/webapprefix/servlet/moreServlets.TestServlet venues.
Keep in mind: XML elements are not only sensitive, but also define their order. For example, all servlet elements in the web-app element must be in all servlet-mapping elements (introduced by the next section), and also in 5.6 and 5.11, the elements related to the filter or document (if any) prior to. Similarly, servlet-name child elements of servlet must also appear before servlet-class. Section 5.2 "Deployment Descriptor Document" The order of elementality will be described in detail. For example, the program list 5-1 gives a simple servlet called TestServlet, which resides in the MoreServlets package. Because this servlet is an integral part of a web application that is rooted in a directory named deploydemo, TestServlet.class is placed in deploydeMo / web-inf / class. Program Listing 5-2 gives a part of the web.xml file that will be placed in the deploydedeno / web-INF /. This web.xml file uses servlet-name and servlet-Class elements to associate name Test with TestServlet.class. Figures 5-1 and Figure 5-2 show the results when using the default URL and the registration name call TestServlet, respectively.
Program List 5-1 TestServlet.java
Package morvelvlets;
Import java.io. *;
Import javax.servlet. *;
Import javax.servlet.http. *;
/ ** Simple Servlet Used to Illustrate Servlet Naming
* And custom urls.
*
* Taken from More Servlets and JavaServer Pages
* Frompentice Hall and Sun Microsystems Press,
*
http://www.moreservlets.com/.
* © 2002 Marty Hall; May Be Freely Used OR Adapted.
* /
Public class testservlet extends httpservlet {
Public void doget (httpservletRequest Request,
Httpservletresponse response
Throws servletexception, ioException {
Response.setContentType (Text / HTML ");
PrintWriter out = response.getwriter ();
String Uri = Request.getRequesturi ();
Out.println (ServletUtilities.Headwithtitle ("Test Servlet")
"
/ n"
"
URI:" URI " / n"
" ");
}
}
Program List 5-2 Web.xml (Description Servlet name excerpt)
PUBLIC "- // sun microsystems, inc." "Http://java.sun.com/dtd/web-app_2_3.dtd">
test
moreservlets.testServlet
3.2 Defining a custom URL
Most servers have a default Servervet URL:
Http: //host/webappprefix/servlet/packageName.ServletName. Although it is very convenient to use this URL in development, we often want another URL to deploy. For example, a URL that appears in a web application is required (eg Http: // Host / WebAppreFix / Anyname), and there is no servlet item in this URL. The URL located on the top layer simplifies the use of relative URLs. In addition, for many developers, the top URL looks more shorter than the longer and more troublesome default URL.
In fact, sometimes you need to use a custom URL. For example, you may want to close the default URL mapping to better enforce secure restrictions or prevent users from accidentally accessing a servlet without initialization parameters. If you prohibit the default URL, how do you access servlet? At this time, only the custom URL is used.
To assign a custom URL, servlet-mapping elements can be used and its servlet-name, and url-pattern child elements. The servlet-name element provides an arbitrary name that can be used to reference the corresponding servlet; URL-Pattern describes the URL of the root directory relative to the web application. The value of the URL-PATTERN element must be started at a slash (/).
The following is a simple web.xml excerpt, which allows URL http: // host / webappprefix / urltest instead of http: // host / webapppppppppppppppppppppppppppppppppppppppppppppppppppppprefix / us
http: //host/webappprefix/servlet/moreServlets.TestServlet. Note that the XML header, DOCTYPE declaration, and web-app are closed elements. In addition, you can recall, the XML element is not casual. In particular, you need to put all servlet elements before all servlet-mapping elements.
test
moreservlets.testServlet
test
/ urltest
The URL mode can also contain wildcards. For example, the following applet indicates that the server sends all the URL prefixed in the web application to start with the request to be named Bashms.
Bashms
msutils.asptranslator
Bashms
/ *. asp
3.3 Name JSP Page
Because the JSP page is converted to a Sevlet, nature wants to name the JSP page like a servlet. After all, the JSP page may benefit from the initialization parameters, security settings, or custom URLs, just as ordinary servevet. Although the background of the JSP page is actually a servlet sentence is correct, there is a key suspicion: that is, you don't know the actual class name of the JSP page (because the system chooses this name). Therefore, in order to name the JSP page, the JSP-File element can be replaced with a servlet-calss element, as shown below:
test
/testpage.jsp
The reasons for named the JSP page are identical to the name of the servlet: that is, in order to provide a name for use with custom settings (such as initialization parameters, and security settings), and so that you can change the URL of the JSP page (more than saying that A URL is handled by the same page, or removes the .jsp extension from the URL. However, when setting up initialization parameters, it should be noted that the JSP page is using the JSPinit method, not the initial read of the initialization parameters.
For example, a program list 5-3 gives a simple JSP page called TestPage.JSP, which is just printing the local part of the URL used to activate its URL. TestPage.JSP is placed on the top of the deploydemo application. Program Listing 5-4 gives a web.xml file that is used to assign a registered name PageName, then this registration name with http: // host / webapprefix / urltest2 / anything form (ie DeploydeMo / Web- Part of INF / Web.xml.
Program List 5-3 TestPage.JSP
</p>
<p>JSP Test Page</p>
<p></ Title></p>
<p></ HEAD></p>
<p><Body bgcolor = "# fdf5e6"></p>
<p><H2> URI: <% = Request.getRequesturi ()%> </ h2></p>
<p></ Body></p>
<p></ Html></p>
<p>Program List 5-4 Web.xml (Description JSP page Named Extract)</p>
<p><? Xml Version = "1.0" encoding = "ISO-8859-1"?></p>
<p><! DocType web-app</p>
<p>Public "- // Sun microsystems, Inc.//dtd Web Application 2.3 // en"</p>
<p>"http://java.sun.com/dtd/web-app_2_3.dtd"></p>
<p><web-app></p>
<p><! - ... -></p>
<p><servlet></p>
<p><servlet-name> PageName </ servlet-name></p>
<p><jsp-file> /testpage.jsp </ jsp-file></p>
<p></ servlet></p>
<p><! - ... -></p>
<p><servlet-mapping></p>
<p><servlet-name> PageName </ servlet-name></p>
<p><url-pattern> / urltest2 / * </ url-pattern></p>
<p></ servlet-maping></p>
<p><! - ... -></p>
<p></ web-app></p>
<p>4 prohibited activator servlet</p>
<p>One reason for establishing a custom URL for a servlet or JSP page is that this can be registered to read the initialization parameters from the init (servlet) or JSPINIT method. However, the initialization parameters can only be used when accessing the Servlet or JSP page using custom URL mode or registration name, can be used with default URL http: // host / webapppprefix / servlet / servletName. Therefore, you may want to turn off the default URL, so no one will accidentally call the initialization servlet. This process is sometimes referred to as forbidden activator servlet because most of the server has a standard servlet registered with the default servlet URL and activates the default URL application's actual servlet.</p>
<p>There are two main methods for prohibiting this default URL:</p>
<p>l Remap / servlet / mode in each web application.</p>
<p>l Global Close the activator servlet.</p>
<p>It is important to note that although rereading / servlet / mode in each web application is more done than thoroughly activating Servlet, re-mapping can be done with a fully portable manner. Instead, the global prohibition activator servlet is completely for specific machines, and the actual server (such as servletexec) does not have such a selection. The following discussion strategy for re-maping / servlet / URL schema for each web application. The details of the global disable activator servlet in Tomcat are provided later.</p>
<p>4.1 Remap / servlet / URL mode</p>
<p>It is very simple to prohibit the URL of HTTP: // Host / WebAppprefix / servlet / start in a specific web application. What you need is to create an error message servlet and turn all match requests to the servlet using the URL-Pattern element discussed by the previous section. Just use it simply:</p>
<p><url-pattern> / servlet / * </ url-pattern></p>
<p>As a mode in the servlet-mapping element.</p>
<p>For example, program list 5-5 gives a part of the deployment descriptor file associated with all URLs that open with HTTP: // Host / WebAppRefix / servlet / header.</p>
<p>Program List 5-5 Web.xml (Description JSP page named)</p>
<p><? XML Version = "1.0" encoding = "ISO-8859-1"?> <! doctype web-app</p>
<p>Public "- // Sun microsystems, Inc.//dtd Web Application 2.3 // en"</p>
<p>"http://java.sun.com/dtd/web-app_2_3.dtd"></p>
<p><web-app></p>
<p><! - ... -></p>
<p><servlet></p>
<p><servlet-name> sorry </ servlet-name></p>
<p><servlet-class> moreservlets.sorryservlet </ servlet-class></p>
<p></ servlet></p>
<p><! - ... -></p>
<p><servlet-mapping></p>
<p><servlet-name> sorry </ servlet-name></p>
<p><url-pattern> / servlet / * </ url-pattern></p>
<p></ servlet-maping></p>
<p><! - ... -></p>
<p></ web-app></p>
<p>Program List 5-6 SorryServlet.java</p>
<p>Package morvelvlets;</p>
<p>Import java.io. *;</p>
<p>Import javax.servlet. *;</p>
<p>Import javax.servlet.http. *;</p>
<p>/ ** Simple Servlet Used to Give Error Messages</p>
<p>* Users who try to access default servlet URLS</p>
<p>* (I.e., http:// host / webappprefix / servlet / servletname)</p>
<p>* In Web Applications That Have Disabled this</p>
<p>* Behavior.</p>
<p>* <P></p>
<p>* Taken from More Servlets and JavaServer Pages</p>
<p>* Frompentice Hall and Sun Microsystems Press,</p>
<p>* Http://www.moreservlets.com/.</p>
<p>* © 2002 Marty Hall; May Be Freely Used OR Adapted.</p>
<p>* /</p>
<p>Public class sorryservlet extends httpservlet {</p>
<p>Public void doget (httpservletRequest Request,</p>
<p>Httpservletresponse response</p>
<p>Throws servletexception, ioException {</p>
<p>Response.setContentType (Text / HTML ");</p>
<p>PrintWriter out = response.getwriter ();</p>
<p>String title = "Invoker servlet disabled."</p>
<p>Out.println (servletutilities.headwithtitle (title) </p>
<p>"<Body bgcolor = /" # fdf5e6 / "> / n" </p>
<p><H2> Title "</ h2> / n" </p>
<p>"Sorry, Access to servlets by means of / n" </p>
<p>"Urls That Begin with / N" "http:// Host / WebAppprefix / servlet // n" </p>
<p>"HAS BEEN DISABLED./N" </p>
<p>"</ Body> </ html>");</p>
<p>}</p>
<p>Public void dopost (httpservletRequest Request,</p>
<p>Httpservletresponse response</p>
<p>Throws servletexception, ioException {</p>
<p>DOGET (Request, Response);</p>
<p>}</p>
<p>}</p>
<p>4.2 Global Prohibition Activator: Tomcat</p>
<p>The method used to close the default URL in Tomcat 4 is very different from Tomcat 3 very different. Here are two ways:</p>
<p>1. Prohibited activator: Tomcat 4</p>
<p>Tomcat 4 closes the activator servlet with the same way as the front, that is, using the URL-MAPPING element in Web.xml to close. The difference is that Tomcat uses a server-specific global web.xml file on install_dir / confation, and the front use is the standard web.xml file stored in a web-inf directory of each web application.</p>
<p>Therefore, in order to close the actuator servlet in Tomcat 4, simply commemorate the / servlet / * URL mapping item in install_dir / conf / web.xml, as shown below:</p>
<p><! -</p>
<p><servlet-mapping></p>
<p><servlet-name> Invoker </ servlet-name></p>
<p><url-pattern> / servlet / * </ url-pattern></p>
<p></ servlet-maping></p>
<p>-></p>
<p>Remind again, it should be noted that this item is located in a web.xml file stored in the Tomcat dedicated to install_dir / confation. This file is not standard Web.xml stored in the web-inf directory of each web application.</p>
<p>2. Prohibited activator: Tomcat3</p>
<p>In the version 3 of Apache Tomcat, the INVOKERINTERCEPTOR item globally prohibits the default servlet URL through the INSTALL_DIR / CONF / Server.xml. For example, the following is a part of the server.xml file for the default servlet URL.</p>
<p><! -</p>
<p><RequsetInterceptor</p>
<p>ClassName = "Org.apache.tomcat.Request.InvokerInterceptor"</p>
<p>Debug = "0" prefix = "/ servlet /" /></p>
<p>-></p>
<p>5 Initialization and preloading servlet with JSP page</p>
<p>The method of controlling the startup behavior of the Servlet and JSP pages is discussed here. In particular, explain how to assign initialization parameters and how to change the time to load the Servlet and JSP pages in the server life.</p>
<p>5.1 Assigning a servlet initialization parameter</p>
<p>The initialization parameters are initialized to servlet using the init-param element, and the init-param element has param-name and param-value child elements. For example, in the following example, if the INITSERVLET servlet is accessible using its registration name (INITTEST), it will be able to call GetServletConfig () from its method, get "Value 1", call GetServletConfig ) .GetinitParameter ("param2") gets "2". <servlet></p>
<p><servlet-name> inittest </ servlet-name></p>
<p><servlet-class> moreservlets.initServlet </ servlet-class></p>
<p><init-param></p>
<p><param-name> Param1 </ param-name></p>
<p><param-value> Value1 </ param-value></p>
<p></ init-param></p>
<p><init-param></p>
<p><param-name> Param2 </ param-name></p>
<p><param-value> 2 </ param-value></p>
<p></ init-param></p>
<p></ servlet></p>
<p>There are a few things to pay attention to when involving initialization parameters:</p>
<p>l Return the value. The return value of GetInitParameter is always a string. Therefore, in the previous example, INT can be obtained using INTEGER.PARSEINT for PARAM2.</p>
<p>l In the JSP in JSP. The JSP page uses JSPinit instead of init. The JSP page also needs to use the JSP-File element instead of servlet-class.</p>
<p>l Default URL. The initialization parameters can be used only when accessing the servlet through custom URL schema related to their registration names or custom URL schema. Therefore, in this example, PARAM1 and PARAM2 initialization parameters will be available when using URL HTTP: // Host / WebAppreFix / Servlet / InitTest, but cannot be used when using URL http: //host/webapprefix/servet/mypackage.initservlet use.</p>
<p>For example, program list 5-7 gives a simple servlet called INITSERVLET, which uses the init method to set the firstname and emaildress fields. Program Listing 5-8 gives the allocated name inittest to the Web.xml file for servlet.</p>
<p>Program List 5-7 INITSERVLET.JAVA</p>
<p>Package morvelvlets;</p>
<p>Import java.io. *;</p>
<p>Import javax.servlet. *;</p>
<p>Import javax.servlet.http. *;</p>
<p>/ ** Simple Servlet Used to Illustrate Servlet</p>
<p>* Initialization Parameters.</p>
<p>* <P></p>
<p>* Taken from More Servlets and JavaServer Pages</p>
<p>* Frompentice Hall and Sun Microsystems Press,</p>
<p>* Http://www.moreservlets.com/.</p>
<p>* © 2002 Marty Hall; May Be Freely Used OR Adapted.</p>
<p>* /</p>
<p>Public class initservlet extends httpservlet {private string firstname, emailaddress</p>
<p>Public void init () {</p>
<p>ServletConfig CONFIG = GetServletConfig ();</p>
<p>Firstname = config.getinitParameter ("firstname");</p>
<p>EmailAddress = config.getinitParameter ("emailaddress");</p>
<p>}</p>
<p>Public void doget (httpservletRequest Request,</p>
<p>Httpservletresponse response</p>
<p>Throws servletexception, ioException {</p>
<p>Response.setContentType (Text / HTML ");</p>
<p>PrintWriter out = response.getwriter ();</p>
<p>String Uri = Request.getRequesturi ();</p>
<p>Out.println (ServletUTILITIES.Headwithtitle ("init servlet") </p>
<p>"<Body bgcolor = /" # fdf5e6 / "> / n" </p>
<p>"<H2> init parameters: </ h2> / n" </p>
<p>"<Ul> / n" </p>
<p>"<Li> first name:" firstname "/ n" </p>
<p><Li> email address: " emaildDress " / n " </p>
<p>"</ Ul> / n" </p>
<p>"</ Body> </ html>");</p>
<p>}</p>
<p>}</p>
<p>Program List 5-8 Web.xml (Description Extract of Initialization Parameters)</p>
<p><? Xml Version = "1.0" encoding = "ISO-8859-1"?></p>
<p><! DocType web-app</p>
<p>Public "- // Sun microsystems, Inc.//dtd Web Application 2.3 // en"</p>
<p>"http://java.sun.com/dtd/web-app_2_3.dtd"></p>
<p><web-app></p>
<p><! - ... -></p>
<p><servlet></p>
<p><servlet-name> inittest </ servlet-name></p>
<p><servlet-class> moreservlets.initServlet </ servlet-class></p>
<p><init-param></p>
<p><param-name> firstname </ param-name></p>
<p><param-value> larry </ param-value></p>
<p></ init-param></p>
<p><init-param></p>
<p><param-name> EmailAddress </ param-name></p>
<p><param-value> Ellison@microsoft.com </ param-value></p>
<p></ init-param></p>
<p></ servlet> <! - ... -></p>
<p></ web-app></p>
<p>5.2 Assign JSP initialization parameters</p>
<p>Providing initialization parameters to the JSP page differ from the three aspects to the servlet to provide initialization parameters.</p>
<p>1) Use JSP-File instead of servlet-class. Therefore, the servlet elements of the web-inf / web.xml file are as follows:</p>
<p><servlet></p>
<p><servlet-name> PageName </ servlet-name></p>
<p><jsp-file> /RealPage.jsp </ jsp-file></p>
<p><init-param></p>
<p><param-name> ... </ param-name></p>
<p><param-value> ... </ param-value></p>
<p></ init-param></p>
<p>...</p>
<p></ servlet></p>
<p>2) Almost always allocate a clear URL mode. For the servlet, the default URL starting with http: // host / webapppprefix / servlet / start. Just remember, use the registration name instead of the original name. This is also legal for JSP pages. For example, in the examples given above, the URL HTTP: // Host / WebAppPrefix / Servlet / PageName Access RealPage.JSP has access to the initialization parameters. But when used in the JSP page, many users do not like to use the URL of the regular servlet. In addition, if the JSP page is located in the directory for the server to provide a directory list (eg, a directory that is neither index.html does not have an index.jsp file), the user may connect to this JSP page, click it, thus Accidentally activate uninitialized pages. Therefore, a good way is to use the URL-Pattern (5.3) to associate the original URL of the JSP page with the registered servlet name. In this way, the client can use the Normal name of the JSP page, but still activate the customized version. For example, given a servlet definition from item 1, you can use the following servlet-mapping definition:</p>
<p><servlet-mapping></p>
<p><servlet-name> PageName </ servlet-name></p>
<p><url-pattern> /realpage.jsp </ url-pattern></p>
<p></ servlet-maping></p>
<p>3) JSP page Use JSPinit instead of init. The INTi method has been automatically established from the JSP page. Therefore, using JSP declarations to provide an init method is illegal, the JSPinit method must be developed.</p>
<p>To illustrate the process of initializing the JSP page, the program list 5-9 gives a JSP page named initpage.jsp, which contains a JSPINIT method and placed on the top of the deploydemo web application hierarchy. Generally, http: //host/deploydeMo/InitPage.jsp form URL The URL will activate the version of this page does not have an initialization parameter access, thereby displays NULL for the firstName and EmailAddress variables. However, the web.xml file (Program List 5-10) assigns a registration name and then associates the registration name with the URL mode / ITPAGE.JSP.</p>
<p>Program List 5-9 Initpage.jsp</p>
<p><! Doctype html public "- // w3c // DTD HTML 4.0 Transitional // En"> <html></p>
<p><Head> <title> JSP init test </ title> </ head></p>
<p><Body bgcolor = "# fdf5e6"></p>
<p><H2> init parameters: </ h2></p>
<p><Ul></p>
<p><Li> first name: <% = firstname%></p>
<p><Li> email address: <% = emailaddress%></p>
<p></ Ul></p>
<p></ Body> </ html></p>
<p><%!</p>
<p>Private string firstname, EmailAddress;</p>
<p>Public void jspinit () {</p>
<p>ServletConfig CONFIG = GetServletConfig ();</p>
<p>Firstname = config.getinitParameter ("firstname");</p>
<p>EmailAddress = config.getinitParameter ("emailaddress");</p>
<p>}</p>
<p>%></p>
<p>Program List 5-10 Web.xml (Description of the init parameter of the JSP page)</p>
<p><? Xml Version = "1.0" encoding = "ISO-8859-1"?></p>
<p><! DocType web-app</p>
<p>Public "- // Sun microsystems, Inc.//dtd Web Application 2.3 // en"</p>
<p>"http://java.sun.com/dtd/web-app_2_3.dtd"></p>
<p><web-app></p>
<p><! - ... -></p>
<p><servlet></p>
<p><servlet-name> INTPAGE </ servlet-name></p>
<p><jsp-file> /initpage.jsp </ jsp-file></p>
<p><init-param></p>
<p><param-name> firstname </ param-name></p>
<p><param-value> Bill </ param-value></p>
<p></ init-param></p>
<p><init-param></p>
<p><param-name> EmailAddress </ param-name></p>
<p><param-value> gates@oracle.com </ param-value></p>
<p></ init-param></p>
<p></ servlet></p>
<p><! - ... -></p>
<p><servlet-mapping></p>
<p><servlet-name> INTPAGE </ servlet-name></p>
<p><url-pattern> /initpage.jsp </ url-pattern></p>
<p></ servlet-maping></p>
<p><! - ... -></p>
<p></ web-app></p>
<p>For more useful information. On the other hand, you can try at www.microsoft.com, www.ibm.com or especially at www.bea.com, output unknown file names. This is a useful message that provides a selectable location in order to find the page of interest. Providing such useful error pages for web applications is worth it. In fact, http://www.plinko.net/404/ is specifically used for the entire site for the 404 error page. This site contains the best, worst and most funny 404 page worldwide. Program List 5-13 gives a JSP page that returns to a client that provides location program name. Program Listing 5-14 gives the web.xml of the page displayed when the specified program list 5-13 is returned to 404 error code. Note that the URL shown in the browser is still provided by the client. The error page is a background implementation technology.</p>
<p>Last point, please remember that IE5's default configuration clearly does not meet the HTTP specification, it ignores the error message generated by the server, but the standard error message is displayed. You can go to its Tools menu, select Internet Options, click Advanced, and cancel the show friendly http error message to resolve this issue.</p>
<p>Program List 5-13 Notfound.jsp</p>
<p><! Doctype html public "- // w3c // DTD HTML 4.0 Transitional // En"></p>
<p><Html></p>
<p><Head> <title> 404: NOT Found </ title> </ hEAD></p>
<p><Body bgcolor = "# fdf5e6"></p>
<p><H2> Error! </ H2></p>
<p>I'm Sorry, But I Cannot Find A Page That Matches</p>
<p><% = Request.getRequesturi ()%> on the system. Maybe you shop</p>
<p>Try ONE of the FOLLOWING:</p>
<p><Ul></p>
<p><Li> go to the server's <a href="/"> Home Page </a>.</p>
<p><Li> Search for Relevant Pages. <br></p>
<p><Form action = "http://www.google.com/search"></p>
<p><Center></p>
<p>Keywords: <input type = "text" name = "q"> <br></p>
<p><Input Type = "Submit" Value = "Search"></p>
<p></ Center></p>
<p></ Form></p>
<p><Li> admire a random multiple of 404:</p>
<p><% = 404 * ((int) (1000 * math.random ())))%>.</p>
<p><Li> try a <a href = "http://www.plinko.net/404/rndindex.asp"</p>
<p>Target = "_ blank"></p>
<p>Random 404 Error Message </a>. from the amazing and</p>
<p>amusing plinko.net <a href="http://www.plinko.net/404/"></p>
<p>404 Archive </a>. </ Ul></p>
<p></ Body> </ html></p>
<p>Program List 5-14 Web.xml (pointing out an excerpt of the error page of the HTTP error code)</p>
<p><? Xml Version = "1.0" encoding = "ISO-8859-1"?></p>
<p><! DocType web-app</p>
<p>Public "- // Sun microsystems, Inc.//dtd Web Application 2.3 // en"</p>
<p>"http://java.sun.com/dtd/web-app_2_3.dtd"></p>
<p><web-app></p>
<p><Error-Page></p>
<p><Error-Code> 404 </ ERROR-CODE></p>
<p><location> /notfound.jsp </ location></p>
<p></ Error-Page></p>
<p><! - ... -></p>
<p></ web-app></p>
<p>8.2 Exception-Type element</p>
<p>Error-Code element handles a case where a request generates a specific HTTP status code. However, what is the common situation for the Servlet or JSP page returns 200 but abnormal operation? This is the case where the Exception-Type element is to be processed. Simply provide two things: that is, a fully qualified exception class and a location:</p>
<p><Error-Page></p>
<p><exception-type> packagename.classname </ exception-type></p>
<p><location> / someurl </ location></p>
<p></ Error-Page></p>
<p>Thus, if any servlet or JSP page in the web application produces a specific type of unconjured exception, use the specified URL. This exception type can be a standard type, such as Javax.ServletException or Java.lang.OutofMemoryError, or an exception specifically for your application.</p>
<p>For example, program list 5-15 gives an exception class named DumbDevelopeRexception, which can be used to specify less experienced programmers (not said that you have such a person in your development group). This class also contains a static method called DangerousComputation, which generates this type of exception from time to time. Program Listing 5-16 gives a JSP page that calls the random integer value to call DangerouSCompution. When throwing this exception, as indicated by the Exception-Type shown in the Web.xml version of the program list 5-18, the client is displayed DDE.JSP (Program List 5-17). Figure 5-16 and Figure 5-17 give a lucky and unfortunate result.</p>
<p>Program List 5-15 DumbDevelopRexception.java</p>
<p>Package morvelvlets;</p>
<p>/ ** Exception use to flag particularly liveerous</p>
<p>Programmer blunders. Used to illustrate the</p>
<p>Exception-Type Web.xml Element.</p>
<p>* <P></p>
<p>* Taken from More Servlets and JavaServer Pages</p>
<p>* Frompentice Hall and Sun Microsystems Press,</p>
<p>* Http://www.moreservlets.com/.</p>
<p>* © 2002 Marty Hall; May Be Frely Used or Adapted. * /</p>
<p>Public class dumbdeveloperexception extends Exception {</p>
<p>Public DumbDevelopRexception () {</p>
<p>Super ("duh. What was i * thinking *?");</p>
<p>}</p>
<p>Public Static Int DangersuScomput (int N)</p>
<p>Throws dumbdeveloperexception {</p>
<p>IF (n <5) {</p>
<p>Return (N 10);</p>
<p>} Else {</p>
<p>New DumbDevelopRexception ());</p>
<p>}</p>
<p>}</p>
<p>}</p>
<p>Program List 5-16 Riskypage.jsp</p>
<p><! Doctype html public "- // w3c // DTD HTML 4.0 Transitional // En"></p>
<p><Html></p>
<p><Head> <title> Risky JSP Page </ title> </ hEAD></p>
<p><Body bgcolor = "# fdf5e6"></p>
<p><H2> Risky CalculationS </ H2></p>
<p><% @ Page import = "more"%>%></p>
<p><% Int N = ((int) (10 * math.random ()))));%></p>
<p><Ul></p>
<p><Li> n: <% = n%></p>
<p><Li> DangerousComputation (N):</p>
<p><% = DumbDevelopRexception.dangerousComputation (n)%></p>
<p></ Ul></p>
<p></ Body> </ html></p>
<p>Program List 5-17 DDE.JSP</p>
<p><! Doctype html public "- // w3c // DTD HTML 4.0 Transitional // En"></p>
<p><Html></p>
<p><Head> <title> Dumb </ title> </ head></p>
<p><Body bgcolor = "# fdf5e6"></p>
<p><H2> DUMB Developer </ H2></p>
<p>We're Brain dead. Consider Using Our CompetiTors.</p>
<p></ Body> </ html></p>
<p>Program List 5-18 Web.xml (excerpt from an exception specified error page)</p>
<p><? Xml Version = "1.0" encoding = "ISO-8859-1"?></p>
<p><! DocType web-app</p>
<p>Public "- // Sun microsystems, Inc.//dtd Web Application 2.3 // en"</p>
<p>"http://java.sun.com/dtd/web-app_2_3.dtd"></p>
<p><web-app></p>
<p><! - ... -></p>
<p><servlet> ... </ servlet></p>
<p><! - ... -></p>
<p><Error-Page></p>
<p><Exception-Type></p>
<p>MoreServlets.dumbDevelopRexception</p>
<p></ eXception-type></p>
<p><location> /dde.jsp </ location> </ error-page></p>
<p><! - ... -></p>
<p></ web-app></p>
<p>9 provides security</p>
<p>Provide security for the server's built-in function using the related elements in Web.xml.</p>
<p>9.1 Method for specifying verification</p>
<p>Use the login-confgi element to specify how the server should verify that the user attempts to access the protected page. It contains three possible child elements, namely Auth-method, Realm-name, and Form-login-config. Login-config elements should appear near the end of the Web.xml deployment descriptor file, followed by the security-constraint element.</p>
<p>l Auth-method</p>
<p>Login-Config's sub-elements list the specific verification mechanism to be used. Valid values are Basic, Digest, Form and Client-Cert. The server only needs to support BASIC and FORM.</p>
<p>Basic pointed out that the standard HTTP verification should be used, and the server checks the Authorization header in this verification. If this head is missing, a 401 state code is returned and a WWW-Authenticate header. This leads to a client to pop up a dialog box for filling the Authorization header. This mechanism rarely or does not provide an attacker's prevention, these attackers are snooped on the Internet connection (such as performing a packet detection device on the client's subnet), because the username and password are simple reversible Base64 encoding They are easily handed. All compatible servers need to support Basic validation.</p>
<p>Digest pointed out that the client should transfer username and password using encrypted Digest Authentication. This provides a higher security to the Basic to prevent network cutting, but this encryption is more easily cracked than the methods used by SSL (HTTPS). However, this conclusion sometimes does not make sense, because there are very few browsers to support Digest Authentication, so the servlet container does not need to support it.</p>
<p>Form indicates that the server should check the reserved session cookie and redirect it does not have its user to a specified login page. This landing page should contain a regular HTML form that collects usernames and passwords. After logging in, use the retention session-level cookie to track users. Although it is very complicated, FORM verification prevents network snooping is not more secure than BASIC, and additional protection such as SSL or network layer security (such as IPSec or VPN) can be arranged in the top floor. All compatible servers need to support FORM authentication.</p>
<p>Client-CERT specifies that the server must use the HTTPS (HTTP above SSL) and verify the user using the user's public key certificate (PULIC Key Certificat). This provides a strong security that prevents network interception, but only compatible with J2EE's server needs to support it.</p>
<p>l Realm-name</p>
<p>This element is used only when Auth-Method is Basic. It indicates that the browser is used in the corresponding dialog header and is the name of the security domain component of the Authorization header.</p>
<p>l form-login-config</p>
<p>This element is only available when Auth-Method is Form. It specifies two pages, namely the page of the HTML form that collects the username and password (using the Form-Login-Page Child) to indicate the failed page (using the Form-Error-Page child element). The HTML form given by Form-Login-Page must have a J_Security_Check's action property, a username text field named J_USERNAME and a password field named J_Password.</p>
<p>For example, program list 5-19 indicates that the server uses a form-based verification. A page named login.jsp in the top of the web application will collect usernames and passwords, and the failed login will be reported by the page of login-error.jsp in the same directory. Program List 5-19 Web.xml (Description Login-Config Exploration)</p>
<p><? Xml Version = "1.0" encoding = "ISO-8859-1"?></p>
<p><! DocType web-app</p>
<p>Public "- // Sun microsystems, Inc.//dtd Web Application 2.3 // en"</p>
<p>"http://java.sun.com/dtd/web-app_2_3.dtd"></p>
<p><web-app></p>
<p><! - ... -></p>
<p><Security-constraint> ... </ security-connectiont></p>
<p><login-config></p>
<p><auth-method> form </ auth-method></p>
<p><form-login-config></p>
<p><form-login-page> /login.jsp </ form-login-page></p>
<p><form-error-page> /login-error.jsp </ form-error-page></p>
<p></ form-login-config></p>
<p></ login-config></p>
<p><! - ... -></p>
<p></ web-app></p>
<p>Sustainable continued.</p></div><div class="text-center mt-3 text-grey">
转载请注明原文地址:https://www.9cbs.com/read-91427.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>)
</div><div></div></div></div><ul class="postlist list-unstyled">
</ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="91427" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved
</div><div class="col text-right">Processed:
<b>0.040</b>, SQL:
<b>9</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script>
var debug = DEBUG = 0;
var url_rewrite_on = 1;
var url_path = './';
var forumarr = {"1":"Tech"};
var fid = 1;
var uid = 0;
var gid = 0;
xn.options.water_image_url = 'view/img/water-small.png';
</script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script>
var forum_url = 'list-1.html';
var safe_token = 'JVDAKvGFw1S8DePRuOKGf2NSOR_2BPX2iN_2F242f1kqVtWIvZWn9Kd_2BtptlOrCTP_2B7SwH_2BHarMHb_2FDJ2mnrETfuJw_3D_3D';
var body = $('body');
body.on('submit', '#form', function() {
var jthis = $(this);
var jsubmit = jthis.find('#submit');
jthis.reset();
jsubmit.button('loading');
var postdata = jthis.serializeObject();
$.xpost(jthis.attr('action'), postdata, function(code, message) {
if(code == 0) {
location.reload();
} else {
$.alert(message);
jsubmit.button('reset');
}
});
return false;
});
function resize_image() {
var jmessagelist = $('div.message');
var first_width = jmessagelist.width();
jmessagelist.each(function() {
var jdiv = $(this);
var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width();
var jmessage_width = Math.min(jdiv.width(), maxwidth);
jdiv.find('img, embed, iframe, video').each(function() {
var jimg = $(this);
var img_width = this.org_width;
var img_height = this.org_height;
if(!img_width) {
var img_width = jimg.attr('width');
var img_height = jimg.attr('height');
this.org_width = img_width;
this.org_height = img_height;
}
if(img_width > jmessage_width) {
if(this.tagName == 'IMG') {
jimg.width(jmessage_width);
jimg.css('height', 'auto');
jimg.css('cursor', 'pointer');
jimg.on('click', function() {
});
} else {
jimg.width(jmessage_width);
var height = (img_height / img_width) * jimg.width();
jimg.height(height);
}
}
});
});
}
function resize_table() {
$('div.message').each(function() {
var jdiv = $(this);
jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>');
});
}
$(function() {
resize_image();
resize_table();
$(window).on('resize', resize_image);
});
var jmessage = $('#message');
jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); });
jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); });
$('#nav li[data-active="fid-1"]').addClass('active');
</script>
