Skip to main content
View by: Most Recent | Topic | Community | Webloggers   
Monthly Archives:    

Blogs by topic Blogs and user swchan2

• Accessibility • Ajax • Blogging • Business • Community 
• Databases • Deployment • Distributed • Eclipse • Education 
• EJB • Extreme Programming • Games • GlassFish • Grid 
• GUI • IDE • Instant Messaging • J2EE • J2ME 
• J2SE • Jakarta • JavaFX • JavaOne • Jini 
• JSP • JSR • JXTA • LDAP • Linux 
• Mobility • NetBeans • Open Source • OpenSolaris • OSGi 
• P2P • Patterns • Performance • Porting • Programming 
• Research • RMI • RSS Feeds • Search • Security 
• Servlets • Struts • Swing • Testing • Tools 
• Virtual Machine • Web Applications • Web Design • Web Development Tools • Web Services and XML 


Servlets

javax.servlet.http.HttpSession provides a way to identify an user across multiple HTTP requests and to store user specified information. In other words, it provides a support of stateful communications with the stateless HTTP protocol. For security and memory management, sessions need to be invalidated at a certain time. There are two related methods in HttpSession. HttpSession.invalidate() By...
on Aug 29, 2013
WebSocket is a bi-directional, full-duplex, TCP based messaging protocol. It is originally proposed as part of HTML5 and is a IETF-defined Protocol (RFC 6455). And W3C has defined JavaScript API for WebSocket which is in candidate recommendation since 2012-09-20. JSR 356: Java API for WebSocket provides a standard Java API for creating WebSocket Applications. The specification provides an API for...
on Aug 7, 2013
Expression Language (EL) was first introduced as part of JSTL 1.0, was then moved JSP 2.0 and was unified with JSF 1.2 in JSP 2.1. In Java EE 7, EL is a new separate JSR, JSR 341. Many new features are introduced in EL 3.0. This blog shows how to use new following new features of EL 3.0: Standalone environment Lambda expression (section 1.20 of EL 3.0 spec) The new operator ; to separate...
on Jul 1, 2013
Asynchronous operation was introduced in Servlet 3.0. ServletRequest#startAsync is used to put the request into asynchronous mode. A thread need to be created implicitly or explicitly (see here for an example). Servlet 3.1, JSR 340 includes clarifications in asynchronous area. Besides Servlet 3,1, Concurreny Utilities for Java EE 1.0, JSR 236 is introduced in Java EE 7. JSR 236 provides a...
on Jun 6, 2013
Asynchronous operation is supported in Servlet 3.0. I have discussed startAsync in my previous blog, startAsync in Servlet 3.0. In this blog, I will discuss AsyncContext#complete. The javadoc of AsyncContext#complete has the following: Completes the asynchronous operation that was started on the request that was used to initialze this AsyncContext, closing the response that was used to...
on May 14, 2013
Servlet 3.1 Specification (JSR 340) is almost ready for the release. One of the new features is the support for protocol upgrade. HTTP protocol upgrade was introduced in HTTP 1.1 (RFC 2616): The Upgrade general-header allows the client to specify what additional communication protocols it supports and would like to use if the server finds it appropriate to switch protocols. The server MUST use...
on May 7, 2013
Prior to Servlet 3.0, a servlet may need to wait for a long operation to complete and can cause thread starvation in web container. In Servlet 3.0, asynchronous processing is introduced to handle this situation. There is a lot of information about asynchronous processing in Servlet 3.0. In this blog, we will take a look at two aspects of startAsync. When will javax.servlet.AsyncListener#...
on Sep 8, 2011

Programming

Java API for WebSocket is a new JSR to Java EE 7. It provides a stardard Java API for creating WebSocket applications. This gives web applications the ability to push data. In Java EE 6 samples, we added a chat room sample to illustrate how to use of Servlet 3.0 asynchronous operation. In that sample, the servlet code did the following: keep track of AsyncContext in a Queue create a thread to...
on Aug 13, 2013

Security

Servlet 3.1 Specification (JSR 340) and Java Authorization Contract for Containers (JSR 115) MR3 are almost ready for release. Besides "*", the role-name "**" is introduced in the above two specifications. In a nutshell, "*" means any role defined in web.xml and "**" means any authenticated user. Prior to Servlet 3.1, web containers use proprietary mechanisms to add security-constraints for any...
on Apr 19, 2013
Servlet 3.1 Specification (JSR 340) is almost ready for the release. Several new security features have been added in this version of Servlet specification. In this blog, I will explain one of the security features, namely deny-uncovered-http-methods. Let us take a look at a simple security-constraint in web.xml as follows: <web-app xmlns="http://www.w3.org/2001/XMLSchema" ...
on Apr 19, 2013
Servlet 3.1 was in Public Review in Janurary 2013. And it is in Proposed Final Draft now. Most of the new features are related to security. In this following, I will highlight features since Servlet 3.1 Public Review: add new API javax.servlet.http.Part#getSubmittedFileName add new API javax.servlet.ServletContext#getVirtualServerNameThis API allows a JASPIC module to be registered in a Servlet...
on Mar 18, 2013
Cross-site request forgery (CSRF) is a malicious attack exploiting the trust of a site from a user's browser. As an example, an user may be tricked to invoke a url to do a bank transaction by either clicking on the url or accessing the url through <img>. In GlassFish 3.1.1, there is a CSRF prevention filter, org.apache.catalina.filters.CsrfPreventionFilter, which is based on Tomcat 7. The...
on May 31, 2011
Single Sign On allows web applications to share the same authentication state. GlassFish v2 supports virtual server level Single Sign On (SSO). Web applications with the same authentication realm in a given virtual server can share the authentication state in GlassFish v2. GlassFish 3.1 supports SSO failover at cluster level. So one has high availability for Single Sign On in a virtual server of...
on Mar 1, 2011

JSR

Servlet 3.1 (JSR 340) is almost ready for the release. One of the new features is the support for non-blocking IO. ReadListener and WriteListener are introduced to allow non-blocking processing in Servlet. Non-blocking IO can only be used in async (defined in Servlet 3.0) or the upgrade mode. We can set the async in a servlet with @WebServlet annotation. In this blog, we will illustrate the use...
on Apr 16, 2013

Web Applications

In GlassFish, when no error page is specified for a given web application, a default error page will be displayed. In some use cases, it is desirable to turn off the default error page. In this blog, we will summarize different ways to achieve this. In a Virtual Server One can turn off the default error page in a given virtual server by specifying a property with name <b>errorReportValve...
on Apr 18, 2011
GlassFish supports the preseving of HTTP session data across the redeployment of web application. Prior to GlassFish 3.1, one can achieve this through the command line as follows: &nbsp;&nbsp;asadmin redeploy <b>--properties keepSessions=true</b> --name ${APP_NAME} ${A_WAR} In GlassFish 3.1, web sessions, Stateful Session EJB instances and persistently created EJB timers can...
on Mar 9, 2011