Contents

Title and Copyright Information

Preface

• Documentation Accessibility
• Conventions

1 Introduction and Roadmap

• Document Scope and Audience
• Guide To This Document
• Related Documentation
• Examples for the Web Application Developer
  • Avitek Medical Records Application (MedRec)
  • Web Application Examples in the WebLogic Server Distribution
• New and Changed Features In This Release

2 Understanding Web Applications, Servlets, and JSPs

• The Web Applications Container
  • Web Applications and Java EE
  • Web Application Development Key Points
• Servlets
  • Servlets and Java EE
  • What You Can Do with Servlets
  • Servlet Development Key Points
• JavaServer Pages
  • JSPs and Java EE
  • What You Can Do with JSPs
  • Overview of How JSP Requests Are Handled
• Web Application Developer Tools
  • Other Tools
• Web Application Security
  • Limiting the Number of Parameters in an HTTP Request
• Avoiding Redirection Attacks
• P3P Privacy Protocol
• Displaying Special Characters on Linux Browsers

3 Creating and Configuring Web Applications

• WebLogic Web Applications and Java EE
• Directory Structure
  • Accessing Information in WEB-INF
  • Directory Structure Example
• Main Steps to Create and Configure a Web Application
  • Step One: Create the Enterprise Application Wrapper
  • Step Two: Create the Web Application
  • Step Three: Creating the build.xml File
  • Step Four: Execute the Split Development Directory Structure Ant Tasks
• Configuring How a Client Accesses a Web Application
• Configuring Virtual Hosts for Web Applications
  • Configuring a Channel-based Virtual Host
  • Configuring a Host-based Virtual Host
• Targeting Web Applications to Virtual Hosts
• Loading Servlets, Context Listeners, and Filters
• Shared Java EE Web Application Libraries

4 Creating and Configuring Servlets

• Configuring Servlets
  • Servlet Mapping
• Setting Up a Default Servlet
• Servlet Initialization Attributes
• Writing a Simple HTTP Servlet
• Advanced Features
• Complete HelloWorldServlet Example
• Debugging Servlet Containers
  • Disabling Access Logging
    • Usage
    • Example
    • Debugging Specific Sessions
    • Usage
  • Tracking a Request Handle Footprint
    • Usage

5 Creating and Configuring JSPs

• WebLogic JSP and Java EE
• Configuring JavaServer Pages (JSPs)
• Registering a JSP as a Servlet
• Configuring JSP Tag Libraries
• Configuring Welcome Files
• Customizing HTTP Error Responses
• Determining the Encoding of an HTTP Request
• Mapping IANA Character Sets to Java Character Sets
• Configuring Implicit Includes at the Beginning and End of JSPs
• Configuring JSP Property Groups
  • JSP Property Group Rules
  • What You Can Do with JSP Property Groups
• Writing JSP Documents Using XML Syntax
  • How to Use JSP Documents
  • Important Information about JSP Documents

6 Using JSF and JSTL

• Using JSF and JSTL With Web Applications
  • JavaServer Faces (JSF)
  • JavaServer Pages Standard Tag Libraries (JSTL)
• JSF Compatibility with Previous Releases
  • Deploying JSF 1.2 and JSTL Libraries
  • Referencing a JSF or JSTL Library

7 Configuring Resources in a Web Application

• Configuring Resources in a Web Application
• Configuring Resources
• Referencing External EJBs
• More about the ejb-ref* Elements
• Referencing Application-Scoped EJBs
• Serving Resources from the CLASSPATH with the ClasspathServlet
• Using CGI with WebLogic Server
  • Configuring WebLogic Server to Use CGI
  • Requesting a CGI Script
  • CGI Best Practices

8 WebLogic Annotation for Web Components

• Servlet Annotation and Dependency Injection
  • Web Component Classes That Support Annotations
  • Annotations Supported By a Web Container
    • Fault Detection and Recovery
    • Limitations
• Annotating Servlets
  • WLServlet
    • Attributes
    • Fault Detection And Recovery
  • WLFilter
    • Attributes
    • Fault Detection and Recovery
  • WLInitParam
    • Attributes

9 Servlet Programming Tasks

• Initializing a Servlet
  • Initializing a Servlet when WebLogic Server Starts
  • Overriding the init() Method
• Providing an HTTP Response
• Retrieving Client Input
  • Methods for Using the HTTP Request
  • Example: Retrieving Input by Using Query Parameters
• Securing Client Input in Servlets
  • Using a WebLogic Server Utility Method
• Using Cookies in a Servlet
  • Setting Cookies in an HTTP Servlet
  • Retrieving Cookies in an HTTP Servlet
  • Using Cookies That Are Transmitted by Both HTTP and HTTPS
  • Application Security and Cookies
• Response Caching
  • Initialization Parameters
• Using WebLogic Services from an HTTP Servlet
• Accessing Databases
  • Connecting to a Database Using a DataSource Object
    • Using a DataSource in a Servlet
  • Connecting Directly to a Database Using a JDBC Driver
• Threading Issues in HTTP Servlets
• Dispatching Requests to Another Resource
  • Forwarding a Request
  • Including a Request
  • RequestDispatcher and Filters
• Proxying Requests to Another Web Server
  • Overview of Proxying Requests to Another Web Server
    • Setting Up a Proxy to a Secondary Web Server
  • Sample Deployment Descriptor for the Proxy Servlet
• Clustering Servlets
• Referencing a Servlet in a Web Application
• URL Pattern Matching
• The SimpleApacheURLMatchMap Utility
• A Future Response Model for HTTP Servlets
  • Abstract Asynchronous Servlet
    • doRequest
    • doResponse
    • doTimeOut
  • Future Response Servlet

10 Using Sessions and Session Persistence

• Overview of HTTP Sessions
• Setting Up Session Management
  • HTTP Session Properties
  • Session Timeout
  • Configuring WebLogic Server Session Cookies
  • Configuring Application Cookies That Outlive a Session
  • Logging Out
  • Enabling Web Applications to Share the Same Session
  • Limiting Number of Concurrent Requests for a Session
• Configuring Session Persistence
  • Attributes Shared by Different Types of Session Persistence
  • Using Memory-based, Single-server, Non-replicated Persistent Storage
  • Using File-based Persistent Storage
• Using a Database for Persistent Storage (JDBC Persistence)
  • Configuring JDBC-based Persistent Storage
  • Caching and Database Updates for JDBC Session Persistence
  • Using Cookie-Based Session Persistence
• Using URL Rewriting Instead of Cookies
  • Coding Guidelines for URL Rewriting
  • URL Rewriting and Wireless Access Protocol (WAP)
• Session Tracking from a Servlet
  • A History of Session Tracking
  • Tracking a Session with an HttpSession Object
  • Lifetime of a Session
  • How Session Tracking Works
  • Detecting the Start of a Session
  • Setting and Getting Session Name/Value Attributes
  • Logging Out and Ending a Session
    • Using session.invalidate() for a Single Web Application
    • Implementing Single Sign-On for Multiple Applications
    • Exempting a Web Application for Single Sign-on
  • Configuring Session Tracking
  • Using URL Rewriting Instead of Cookies
  • URL Rewriting and Wireless Access Protocol (WAP)
  • Making Sessions Persistent
    • Scenarios to Avoid When Using Sessions
    • Use Serializable Attribute Values
    • Configuring Session Persistence
  • Configuring a Maximum Limit on In-memory Servlet Sessions
  • Enabling Session Memory Overload Protection

11 Application Events and Event Listener Classes

• Overview of Application Event Listener Classes
• Servlet Context Events
• HTTP Session Events
• Servlet Request Events
• Configuring an Event Listener Class
• Writing an Event Listener Class
• Templates for Event Listener Classes
  • Servlet Context Event Listener Class Example
  • HTTP Session Attribute Event Listener Class Example
• Additional Resources

12 Using the HTTP Publish-Subscribe Server

• Overview of HTTP Publish-Subscribe Servers
  • How the Pub-Sub Server Works
  • Channels
  • Message Delivery and Order of Delivery Guarantee
• Examples of Using the HTTP Publish-Subscribe Server
• Using the HTTP Publish-Subscribe Server: Typical Steps
  • Creating the weblogic-pubsub.xml File
  • Programming Using the Server-Side Pub-Sub APIs
    • Overview of the Main API Classes and Interfaces
    • Getting a Pub-Sub Server Instance and Creating a Local Client
    • Publishing Messages to a Channel
    • Subscribing to a Channel
  • Configuring and Programming Message Filter Chains
    • Programming the Message Filter Class
    • Configuring the Message Filter Chain
  • Updating a Browser Client to Communicate with the Pub-Sub Server
  • Overriding the Default Servlet Mapping of the pubsub Java EE Library
• Getting Run-time Information about the Pub-Sub Server and Channels
• Enabling Security
  • Use Pub-Sub Constraints
    • Specify Access to Channel Operations
    • Restricting Access to All Channel Operations
    • Opening Access to All Channel Operations
    • Updating a Constraint Requires Redeploy of Web Application
  • Map Roles to Principals
  • Configure SSL for Pub-Sub Communication
  • Additional Security Considerations
    • Use AuthCookieEnabled to Access Resources
    • Locking Down the Pub-Sub Server
• Advanced Topic: Using JMS as a Provider to Enable Cluster Support
  • Configuring JMS as a Handler
  • Configuring Client Session Failover
• Advanced Topic: Persisting Messages to Physical Storage
  • Configuring Persistent Channels

13 WebLogic JSP Reference

• JSP Tags
• Defining JSP Versions
  • Rules for Defining a JSP File Version
  • Rules for Defining a Tag File Version
• Reserved Words for Implicit Objects
• Directives for WebLogic JSP
  • Using the page Directive to Set Character Encoding
  • Using the taglib Directive
• Declarations
• Scriptlets
• Expressions
• Example of a JSP with HTML and Embedded Java
• Actions
  • Using JavaBeans in JSP
    • Instantiating the JavaBean Object
    • Doing Setup Work at JavaBean Instantiation
    • Using the JavaBean Object
    • Defining the Scope of a JavaBean Object
  • Forwarding Requests
  • Including Requests
• JSP Expression Language
  • Expressions and Attribute Values
  • Expressions and Template Text
• JSP Expression Language Implicit Objects
• JSP Expression Language Literals and Operators
  • Literals
  • Errors, Warnings, Default Values
  • Operators
  • Operator Precedence
• JSP Expression Language Reserved Words
• JSP Expression Language Named Variables
• Securing User-Supplied Data in JSPs
  • Using a WebLogic Server Utility Method
• Using Sessions with JSP
• Deploying Applets from JSP
• Using the WebLogic JSP Compiler
  • JSP Compiler Syntax
  • JSP Compiler Options
  • Precompiling JSPs
    • Using the JSPClassServlet

14 Filters

• Overview of Filters
  • How Filters Work
  • Uses for Filters
• Writing a Filter Class
• Configuring Filters
  • Configuring a Filter
  • Configuring a Chain of Filters
• Filtering the Servlet Response Object
• Additional Resources

15 Using WebLogic JSP Form Validation Tags

• Overview of WebLogic JSP Form Validation Tags
• Validation Tag Attribute Reference
  • <wl:summary>
  • <wl:form>
  • <wl:validator>
• Using WebLogic JSP Form Validation Tags in a JSP
• Creating HTML Forms Using the <wl:form> Tag
  • Defining a Single Form
  • Defining Multiple Forms
  • Re-Displaying the Values in a Field When Validation Returns Errors
    • Re-Displaying a Value Using the <input> Tag
    • Re-Displaying a Value Using the Apache Jakarta <input:text> Tag
• Using a Custom Validator Class
  • Extending the CustomizableAdapter Class
  • Sample User-Written Validator Class
• Sample JSP with Validator Tags

16 Using Custom WebLogic JSP Tags (cache, process, repeat)

• Overview of WebLogic Custom JSP Tags
• Using the WebLogic Custom Tags in a Web Application
• Cache Tag
  • Refreshing a Cache
  • Flushing a Cache
• Process Tag
• Repeat Tag

17 Using the WebLogic EJB to JSP Integration Tool

• Overview of the WebLogic EJB-to-JSP Integration Tool
• Basic Operation
• Interface Source Files
• Build Options Panel
• Troubleshooting
• Using EJB Tags on a JSP Page
• EJB Home Methods
• Stateful Session and Entity Beans
• Default Attributes

A web.xml Deployment Descriptor Elements

• web.xml Namespace Declaration and Schema Location
• icon
• display-name
• description
• distributable
• context-param
• filter
• filter-mapping
• listener
• servlet
  • icon
  • init-param
  • security-role-ref
• servlet-mapping
• session-config
• mime-mapping
• welcome-file-list
• error-page
• jsp-config
  • taglib
  • jsp-property-group
• resource-env-ref
• resource-ref
• security-constraint
  • web-resource-collection
  • auth-constraint
  • user-data-constraint
• login-config
  • form-login-config
• security-role
• env-entry
• ejb-ref
• ejb-local-ref
• web-app
• message-destination-ref

B weblogic.xml Deployment Descriptor Elements

• weblogic.xml Namespace Declaration and Schema Location
• description
• weblogic-version
• security-role-assignment
• run-as-role-assignment
• resource-description
• resource-env-description
• ejb-reference-description
• service-reference-description
• session-descriptor
• jsp-descriptor
• auth-filter
• container-descriptor
  • check-auth-on-forward
  • filter-dispatched-requests-enabled
  • redirect-with-absolute-url
  • index-directory-enabled
  • index-directory-sort-by
  • servlet-reload-check-secs
  • resource-reload-check-secs
  • single-threaded-servlet-pool-size
  • session-monitoring-enabled
  • save-sessions-enabled
  • prefer-web-inf-classes
  • prefer-application-packages
  • prefer-application-resources
  • default-mime-type
  • client-cert-proxy-enabled
  • relogin-enabled
  • allow-all-roles
  • native-io-enabled
  • minimum-native-file-size
  • disable-implicit-servlet-mappings
  • temp-dir
  • optimistic-serialization
  • show-archived-real-path-enabled
  • require-admin-traffic
  • access-logging-disabled
  • prefer-forward-query-string
  • container-initializer-enabled
  • langtag-revision
• charset-params
  • input-charset
  • charset-mapping
• virtual-directory-mapping
• url-match-map
• security-permission
• context-root
• wl-dispatch-policy
• servlet-descriptor
• work-manager
• logging
• library-ref
• fast-swap
• async-descriptor
• async-work-manager
• Backwards Compatibility Flags
  • Compatibility with JSP 2.0 Web Applications
    • JSP Behavior and Buffer Suffix
    • Implicit Servlet 2.5 Package Imports
• Web Container Global Configuration

C Support for GlassFish Deployment Descriptors

D Web Application Best Practices

• CGI Best Practices
• Servlet Best Practices
• JSP Best Practices
• Best Practice When Subclassing ServletResponseWrapper