A network function level (8 layers): LAN / ATM (physical layer) ---- LAN / ATM (data link layer) ---- IP (network layer) ---- TCP / UDP (transport layer) --- Conference layer ---- represents layer ---- http (application layer) ---- SOAP / UDDI (Web service). J2EE Structure: Main Java Web Programming Technology, Three 1) J2EE Application Members - Servlet, JSP, EJB (JDK, J2EEDK 2) J2EE - JDBC (Data Connection Technology), JTS ), JNDI (naming technology), data transaction technology, security technology, connection framework technology, Web service technology, deployment technology, guarantees and promotes good operation of components. 3) Application Paper - RMI, JMS, Javamail, Web Protocol, Remote Method Call, Object Management Group Protocol, Java Communication Service Technology, Java Message Technology and Mail Technology, Realization Information Between Machines and Programs in Platform . The second HTTP provides two ways to request the request: GET method (web page positioning URL and send content body body, simultaneous transmission) and post method (first URL Re-send BODY) three html form Use properties: Attributes: action, Method (specifying an HTTP method to send data to the server), ENCTYPE (specifying the encoding method before sending, default is Application / X-WWW-FORM-URLENCODED or MULTIPART / FORM-DATA (POST method)), target (specified Which Frame in the browser displays the server's response HTML, default is current frame), onSubmit, and OnreSet, Accept, and Accept-Charset (specifying the MIME type and character encoding type accepted by the server program). Four System Configuration Settings: After loading JDK, set the JAVA_HOME = J2SDK installation directory (C: /JDK1.4), classpath =% java_home% / bin After installation of the web server, set (if you want to use the command line start service) Catalina_home = Web Service Installation Directory, Web Server Folder Description:% Catalina_Home% / BIN,% CATALINA_HOME% / Common - Web server uses Java class files and JAR files, internal / classes file clips, / endosed Store external JAR files, / lib stores servers and all JAR files used in all web programs. % catalina_home% / conf --Web service Configure Server.xml. % catalina_home% / logs,% catalina_home% / temp,% catalina_home% / WebApps - web application. Five Basic servlets become API: Javax.Servlet (providing a servlet base class and interface that Web containers can use) Directory and Javax.Servlet.http directory (including HTTP-related servlet interfaces).
Six HTTP requests include three parts: Request line - Request method Method, request URL URL and protocol 2 headers - multiple properties (related content can be found in HTTP 1.0 protocol) 3 Derivatives (Body ) Additional text or binary files after the request. Seven Conferences (SESSION) concepts. Three ways to implement sessions on a web container: 1 cookie can store session code as an HTTP header information. 2 URL rewrite, attach the session code in the URL () You can use the Response.EncodeURL method in the servlet to rewrite. 3 hide the form input. There is no safety mechanism in three ways, you can use SSL connections to ensure.
Session Life: A request issued by a user is a session. It is three situations that have failed: 1 The browser is turned off. ? The browser refers to all webpages, or the webpage access to the website? 2 session expired. 3 Logout (invoking invalidate) cookie is a small piece of data that can be embedded in the HTTP request and response, which is generated on the server and returns a user as part of the response header. After the browser receives the response containing the cookie, the browser is written in the form of the "Keyword / Value" pair in the form of a client to store the cookie. The browser will send cookies and subsequent requests to the same server, and the server can read the cookie in the cookie to set the validity period, and the expiration cookie will not be sent to the server. The Servlet API provides a cookie class that encapsulates some operations for cookies. Servlet can create a new cookie, set its keywords, values, and validity periods, and then set the cookie to send back the browser in the HTTPSERVLETRESPONSE object, and get cookies from the HTTPServletRequest object. The javax.servlet.http.httpsession interface encapsulates the details of the HTTP session, which is related to multiple requests for the web server with a specific web customer within a period of time. The management session data mainly involves three aspects: session exchange, session restarting and session persistence, only data objects that implement the java.io.Serializable interface can be exchanged, relocated, and hold. This interface is primarily the ability of the object to be serialized, which can write status information of the object such as files, network connections, etc. The eight filter FILTER can operate a special web component for the header attribute (header) and content body (body) of the request and response. The filter can operate before the Web request arrives at the servlet and JSP and after the servlet returns a response. The main functions of the filter include: 1 to analyze the web request, pretreatment of input data; 2 Blocking requests and responses; 3 based on function modified header information and data body; 4, based on function modified header information and Decigoction; 5 and other web resources collaboration. More for safe protection, running records, image transformation, data compression, encryption decoding, and XML conversion. Filter configuration: Write configuration in the Filter in Web.xml. Nine event listener Web.xml's preparation information can be found: servlet2.4. Ten JSP and XML interaction. Mainly used to format files and communication languages. JAXP technology uses SAX and DOM to analyze XML files. You can also convert the XML format using XSLT. Handling XML API package: crimson.jar, Xalan.jar, jaxp.jar. If not, you need to set the CalssPath included. JSP generates XML: and generates an HTML file class test, and it is apparent to contentType = "TEST / XML". The analysis server-side XML transformation is appropriately formatted. The security mechanism for the Eleven web layer is included in the HTTP security technology and the security mechanism for servlet and JSP. 1. User identity confirmation Authentication Make sure the user is not counterfeiting. The application obtains the credentials of the user (various forms of identity, such as user name and password) and verify those credentials through certain licensing agencies.
If these credentials are valid, the entity submitted to these credentials is considered as identified by authentication. 2. Authorization Authorization restricts access by granting or rejecting specific permissions for verified identities. Two security protection implementations: State safety mechanism: The declaration safety mechanism specifies the security configuration protocol between web programs and web servers. The web server implements protection for web resources based on the security requirements defined in Web.xml. - The file itself property is guaranteed. (Security protection to configuring XML this can write a utility to read and write the configuration file.) Programability Safety Mechanism: The Java program implements security restrictions. - User Access Control. According to the security policy. The security mechanism of the web program can be set in the web deployment description file, and it is a declarative security mechanism. In two ways in Tomcat, authentication mode is implemented: using XML definition user's memory REALM authentication mode and the authentication method for establishing JDBC Realm with database connection. The user information source defined by these three realm is for all web programs in a web server. The user information is defined in the conf / tomcat-users.xml file using the verification method using the memory REAML. Using this file as a data resource file defined by the user information is the Tomcat default setting, defined in
The server is not necessarily forced to require this order, but they allow (actually some servers doing this) completely refuse to perform web applications that contain elements in order incorrect. This means that the Web.xml file used in the order of the non-standard element is unmistable. The following list gives all the order necessary for all legitimate elements that can appear in the web-app element. For example, this list Description servlet elements must appear before all servlet-mapping elements. Please note that all of these elements are optional. Therefore, a certain element can be omitted, but it cannot be placed in an incorrect position. l icon icon elements indicate that the IDE and GUI tools are used to represent one and two image files of the web application. l Display-name Display-Name element provides a GUI tool that may be used to mark a name for this particular web application. The L Description Description element gives an illustrative text associated with this. l Context-param context-param element declares initialization parameters within the application range. l Filter filter elements Associate a name with a class that implements the Javax.Servlet.Filter interface. l Filter-Mapping Once a filter is named, use the filter-mapping element to associate it with one or more servlets or JSP pages. l Listener Servlet API version 2.3 adds support for event listeners, and event listeners are notified when establishing, modifying, and deleting sessions or servlet environments. The Listener element indicates the event listener class. l Servlet When you set an initialization parameter or a custom URL to the servlet or JSP page, you must first name the servlet or JSP page. The servlet element is used to complete this task. l Servlet-Mapping servers typically provide a default URL: http: // host / webappppppppppprefix / servlet / servletname. However, this URL is often changed so that servlets can access initialization parameters or more easily handle relative URLs. Using servlet-mapping elements when changing the default URL. l Session-config If a session is not accessed for a certain period of time, the server can discard it to save memory. The timeout value of a single session object can be explicitly set by using the HttpSession's setMaxinactiveInterVal method, or the default timeout value can be used to use the session-config element. l Mime-mapping If the web application has a special file, I hope to guarantee the assigned MIME type, then the mime-mapping element provides this guarantee. l Welcom-file-list welcome-file-list element indicates which file when receiving a directory name instead of a file name instead of a file name. l Error-Page Error-Page element allows the page that will be displayed when the particular type of abnormality is returned, or when the particular type of exception is thrown. l Taglib Taglib Elements Specify an alias for tag libraryu descriptor file. This feature allows you to change the location of the TLD file without editing the JSP page using these files. l Resource-Env-Ref Resource-Env-Ref element declares a management object related to the resource. l Resource-Ref Resource-Ref element declares an external resource used by a resource factory. l Security-constraint security-constraint Elements Develop the URL that should be protected. It combines L login-config elements to specify how to use the login-config element to specify how the server is authorized to access the protected page to try to access the protected page. It is used in combination with the Sercurity-Constraint element.
