1/24
Contents
Title and Copyright Information
Preface
Documentation Accessibility
Conventions
1
Introduction and Roadmap
Document Scope and Audience
Guide To This Document
Related Documentation
Examples for the Web Application Developer
Avitek Medical Records Application (MedRec)
Web Application Examples in the WebLogic Server Distribution
New and Changed Features In This Release
2
Understanding Web Applications, Servlets, and JSPs
The Web Applications Container
Web Applications and Java EE
Web Application Development Key Points
Servlets
Servlets and Java EE
What You Can Do with Servlets
Servlet Development Key Points
JavaServer Pages
JSPs and Java EE
What You Can Do with JSPs
Overview of How JSP Requests Are Handled
Web Application Developer Tools
Other Tools
Web Application Security
Avoiding Redirection Attacks
P3P Privacy Protocol
Displaying Special Characters on Linux Browsers
3
Creating and Configuring Web Applications
WebLogic Web Applications and Java EE
Directory Structure
Accessing Information in WEB-INF
Directory Structure Example
Main Steps to Create and Configure a Web Application
Step One: Create the Enterprise Application Wrapper
Step Two: Create the Web Application
Step Three: Creating the build.xml File
Step Four: Execute the Split Development Directory Structure Ant Tasks
Configuring How a Client Accesses a Web Application
Configuring Virtual Hosts for Web Applications
Configuring a Channel-based Virtual Host
Configuring a Host-based Virtual Host
Targeting Web Applications to Virtual Hosts
Loading Servlets, Context Listeners, and Filters
Shared Java EE Web Application Libraries
4
Creating and Configuring Servlets
Configuring Servlets
Servlet Mapping
Setting Up a Default Servlet
Servlet Initialization Attributes
Writing a Simple HTTP Servlet
Advanced Features
Complete HelloWorldServlet Example
Debugging Servlet Containers
Disabling Access Logging
Usage
Example
Debugging Specific Sessions
Usage
Tracking a Request Handle Footprint
Usage
5
Creating and Configuring JSPs
WebLogic JSP and Java EE
Configuring Java Server Pages (JSPs)
Registering a JSP as a Servlet
Configuring JSP Tag Libraries
Configuring Welcome Files
Customizing HTTP Error Responses
Determining the Encoding of an HTTP Request
Mapping IANA Character Sets to Java Character Sets
Configuring Implicit Includes at the Beginning and End of JSPs
Configuring JSP Property Groups
JSP Property Group Rules
What You Can Do with JSP Property Groups
Writing JSP Documents Using XML Syntax
How to Use JSP Documents
Important Information about JSP Documents
6
Configuring JSF and JSTL Libraries
Configuring JSF and JSTL With Web Applications
JavaServer Faces (JSF)
JavaServer Pages Standard Tag Libraries (JSTL)
JSF and JSTL Libraries
JSF 2.0 Library
JSTL 1.2 Library
Deploying JSF and JSTL Libraries
Referencing a JSF or JSTL Library
Support for JSF 1.x and JSTL 1.x Libraries
7
Configuring Resources in a Web Application
Configuring Resources in a Web Application
Configuring Resources
Referencing External EJBs
More about the ejb-ref* Elements
Referencing Application-Scoped EJBs
Serving Resources from the CLASSPATH with the ClasspathServlet
Using CGI with WebLogic Server
Configuring WebLogic Server to Use CGI
Requesting a CGI Script
CGI Best Practices
8
WebLogic Annotation for Web Components
Servlet Annotation and Dependency Injection
Web Component Classes That Support Annotations
Annotations Supported By a Web Container
Fault Detection and Recovery
Limitations
Annotating Servlets
WLServlet
Attributes
Fault Detection And Recovery
WLFilter
Attributes
Fault Detection and Recovery
WLInitParam
Attributes
9
Servlet Programming Tasks
Initializing a Servlet
Initializing a Servlet when WebLogic Server Starts
Overriding the init() Method
Providing an HTTP Response
Retrieving Client Input
Methods for Using the HTTP Request
Example: Retrieving Input by Using Query Parameters
Securing Client Input in Servlets
Using a WebLogic Server Utility Method
Using Cookies in a Servlet
Setting Cookies in an HTTP Servlet
Retrieving Cookies in an HTTP Servlet
Using Cookies That Are Transmitted by Both HTTP and HTTPS
Application Security and Cookies
Response Caching
Initialization Parameters
Using WebLogic Services from an HTTP Servlet
Accessing Databases
Connecting to a Database Using a DataSource Object
Using a DataSource in a Servlet
Connecting Directly to a Database Using a JDBC Driver
Threading Issues in HTTP Servlets
Dispatching Requests to Another Resource
Forwarding a Request
Including a Request
RequestDispatcher and Filters
Proxying Requests to Another Web Server
Overview of Proxying Requests to Another Web Server
Setting Up a Proxy to a Secondary Web Server
Sample Deployment Descriptor for the Proxy Servlet
Clustering Servlets
Referencing a Servlet in a Web Application
URL Pattern Matching
The SimpleApacheURLMatchMap Utility
A Future Response Model for HTTP Servlets
Abstract Asynchronous Servlet
doRequest
doResponse
doTimeOut
Future Response Servlet
10
Using Sessions and Session Persistence
Overview of HTTP Sessions
Setting Up Session Management
HTTP Session Properties
Session Timeout
Configuring WebLogic Server Session Cookies
Configuring Application Cookies That Outlive a Session
Logging Out
Enabling Web Applications to Share the Same Session
Configuring Session Persistence
Attributes Shared by Different Types of Session Persistence
Using Memory-based, Single-server, Non-replicated Persistent Storage
Using File-based Persistent Storage
Using a Database for Persistent Storage (JDBC Persistence)
Configuring JDBC-based Persistent Storage
Caching and Database Updates for JDBC Session Persistence
Using Cookie-Based Session Persistence
Using URL Rewriting Instead of Cookies
Coding Guidelines for URL Rewriting
URL Rewriting and Wireless Access Protocol (WAP)
Session Tracking from a Servlet
A History of Session Tracking
Tracking a Session with an HttpSession Object
Lifetime of a Session
How Session Tracking Works
Detecting the Start of a Session
Setting and Getting Session Name/Value Attributes
Logging Out and Ending a Session
Using session.invalidate() for a Single Web Application
Implementing Single Sign-On for Multiple Applications
Exempting a Web Application for Single Sign-on
Configuring Session Tracking
Using URL Rewriting Instead of Cookies
URL Rewriting and Wireless Access Protocol (WAP)
Making Sessions Persistent
Scenarios to Avoid When Using Sessions
Use Serializable Attribute Values
Configuring Session Persistence
Configuring a Maximum Limit on In-memory Servlet Sessions
Enabling Session Memory Overload Protection
11
Application Events and Event Listener Classes
Overview of Application Event Listener Classes
Servlet Context Events
HTTP Session Events
Servlet Request Events
Configuring an Event Listener Class
Writing an Event Listener Class
Templates for Event Listener Classes
Servlet Context Event Listener Class Example
HTTP Session Attribute Event Listener Class Example
Additional Resources
12
Using the HTTP Publish-Subscribe Server
Overview of HTTP Publish-Subscribe Servers
How the Pub-Sub Server Works
Channels
Message Delivery and Order of Delivery Guarantee
Examples of Using the HTTP Publish-Subscribe Server
Using the HTTP Publish-Subscribe Server: Typical Steps
Creating the weblogic-pubsub.xml File
Programming Using the Server-Side Pub-Sub APIs
Overview of the Main API Classes and Interfaces
Getting a Pub-Sub Server Instance and Creating a Local Client
Publishing Messages to a Channel
Subscribing to a Channel
Configuring and Programming Message Filter Chains
Programming the Message Filter Class
Configuring the Message Filter Chain
Updating a Browser Client to Communicate with the Pub-Sub Server
Overriding the Default Servlet Mapping of the pubsub Java EE Library
Getting Run-time Information about the Pub-Sub Server and Channels
Enabling Security
Use Pub-Sub Constraints
Specify Access to Channel Operations
Restricting Access to All Channel Operations
Opening Access to All Channel Operations
Updating a Constraint Requires Redeploy of Web Application
Map Roles to Principals
Configure SSL for Pub-Sub Communication
Additional Security Considerations
Use AuthCookieEnabled to Access Resources
Locking Down the Pub-Sub Server
Advanced Topic: Using JMS as a Provider to Enable Cluster Support
Configuring JMS as a Handler
Configuring Client Session Failover
Advanced Topic: Persisting Messages to Physical Storage
Configuring Persistent Channels
13
WebLogic JSP Reference
JSP Tags
Defining JSP Versions
Rules for Defining a JSP File Version
Rules for Defining a Tag File Version
Reserved Words for Implicit Objects
Directives for WebLogic JSP
Using the page Directive to Set Character Encoding
Using the taglib Directive
Declarations
Scriptlets
Expressions
Example of a JSP with HTML and Embedded Java
Actions
Using JavaBeans in JSP
Instantiating the JavaBean Object
Doing Setup Work at JavaBean Instantiation
Using the JavaBean Object
Defining the Scope of a JavaBean Object
Forwarding Requests
Including Requests
JSP Expression Language
Expressions and Attribute Values
Expressions and Template Text
JSP Expression Language Implicit Objects
JSP Expression Language Literals and Operators
Literals
Errors, Warnings, Default Values
Operators
Operator Precedence
JSP Expression Language Reserved Words
JSP Expression Language Named Variables
Securing User-Supplied Data in JSPs
Using a WebLogic Server Utility Method
Using Sessions with JSP
Deploying Applets from JSP
Using the WebLogic JSP Compiler
JSP Compiler Syntax
JSP Compiler Options
Precompiling JSPs
Using the JSPClassServlet
14
Filters
Overview of Filters
How Filters Work
Uses for Filters
Writing a Filter Class
Configuring Filters
Configuring a Filter
Configuring a Chain of Filters
Filtering the Servlet Response Object
Additional Resources
15
Using WebLogic JSP Form Validation Tags
Overview of WebLogic JSP Form Validation Tags
Validation Tag Attribute Reference
<wl:summary>
<wl:form>
<wl:validator>
Using WebLogic JSP Form Validation Tags in a JSP
Creating HTML Forms Using the <wl:form> Tag
Defining a Single Form
Defining Multiple Forms
Re-Displaying the Values in a Field When Validation Returns Errors
Re-Displaying a Value Using the <input> Tag
Re-Displaying a Value Using the Apache Jakarta <input:text> Tag
Using a Custom Validator Class
Extending the CustomizableAdapter Class
Sample User-Written Validator Class
Sample JSP with Validator Tags
16
Using Custom WebLogic JSP Tags (cache, process, repeat)
Overview of WebLogic Custom JSP Tags
Using the WebLogic Custom Tags in a Web Application
Cache Tag
Refreshing a Cache
Flushing a Cache
Process Tag
Repeat Tag
17
Using the WebLogic EJB to JSP Integration Tool
Overview of the WebLogic EJB-to-JSP Integration Tool
Basic Operation
Interface Source Files
Build Options Panel
Troubleshooting
Using EJB Tags on a JSP Page
EJB Home Methods
Stateful Session and Entity Beans
Default Attributes
A
web.xml Deployment Descriptor Elements
web.xml Namespace Declaration and Schema Location
icon
display-name
description
distributable
context-param
filter
filter-mapping
listener
servlet
icon
init-param
security-role-ref
servlet-mapping
session-config
mime-mapping
welcome-file-list
error-page
jsp-config
taglib
jsp-property-group
resource-env-ref
resource-ref
security-constraint
web-resource-collection
auth-constraint
user-data-constraint
login-config
form-login-config
security-role
env-entry
ejb-ref
ejb-local-ref
web-app
B
weblogic.xml Deployment Descriptor Elements
weblogic.xml Namespace Declaration and Schema Location
description
weblogic-version
security-role-assignment
run-as-role-assignment
resource-description
resource-env-description
ejb-reference-description
service-reference-description
session-descriptor
jsp-descriptor
auth-filter
container-descriptor
check-auth-on-forward
filter-dispatched-requests-enabled
redirect-with-absolute-url
index-directory-enabled
index-directory-sort-by
servlet-reload-check-secs
resource-reload-check-secs
single-threaded-servlet-pool-size
session-monitoring-enabled
save-sessions-enabled
prefer-web-inf-classes
prefer-application-packages
prefer-application-resources
default-mime-type
client-cert-proxy-enabled
relogin-enabled
allow-all-roles
native-io-enabled
minimum-native-file-size
disable-implicit-servlet-mappings
temp-dir
optimistic-serialization
show-archived-real-path-enabled
require-admin-traffic
access-logging-disabled
prefer-forward-query-string
charset-params
input-charset
charset-mapping
virtual-directory-mapping
url-match-map
security-permission
context-root
wl-dispatch-policy
servlet-descriptor
work-manager
logging
library-ref
fast-swap
Backwards Compatibility Flags
Compatibility with JSP 2.0 Web Applications
JSP Behavior and Buffer Suffix
Implicit Servlet 2.5 Package Imports
Web Container Global Configuration
C
Support for GlassFish Deployment Descriptors
D
Web Application Best Practices
CGI Best Practices
Servlet Best Practices
JSP Best Practices
Best Practice When Subclassing ServletResponseWrapper
Scripting on this page enhances content navigation, but does not change the content in any way.