Chapter 5 & 6

Servlet and JSP

The Servlet’s Life Cycle

Applet life cycle contains methods: init( ), start( ), paint( ), stop( ), and
destroy( ) – appropriate methods called based on user action. Similarly,
servlets operate in the context of a request and response model managed by a
servlet engine The engine does the following:
● Loads the servlet when it is first requested.
● Calls the servlet’s init( ) method.
● Handles any number of requests by calling the servlet’s service( ) method.
● When shutting down, calls each servlet’s destroy( ) method.

Diagram:

The init( ) method

• It request for a servlet received by the servlet engine.
• Checks to see if the servlet is already loaded.
• If not, uses a class loader to get the required servlet class and
instantiates it by calling the constructor method.
• After the servlet is loaded, but before it services any requests, the init ( )
method is called.
• Inside init( ), the resources used by the servlet are initialized. E.g:
establishing database connection.
• This method is called only once just before the servlet is placed into
service.
• The init( ) method takes a ServletConfig object as a parameter. Its
signature is:
public void init(ServletConfig config) throws ServletException
• Most common way of doing this is to have it call the super.init( ) passing
it the ServletConfig object.
The service( ) method
• The service( ) method handles all requests sent by a client.
• It cannot start servicing requests until the init( ) method has been executed.
• Only a single instance of the servlet is created and the servlet engine
dispatches each request in a single thread.
• The service( ) method is used only when extending GenericServlet class.
• Since servlets are designed to operate in the HTTP environment, the
HttpServlet class is extended.
• The service(HttpServletRequest, HttpServletResponse) method examines
the request and calls the appropriate doGet() or doPost() method.
• A typical Http servlet includes overrides to one or more of these
subsidiary methods rather than an override to service().

The destroy( ) method

• This method signifies the end of a servlet’s life.
• The resources allocated during init( ) are released.
• Save persistent information that will be used the next time the servlet is
loaded.
• The servlet engine unloads the servlet.
• Calling destroy( ) yourself will not acutally unload the servlet. Only the
servlet engine can do this.

Interfaces in javax.servlet package

There are many interfaces in javax.servlet package. They are as follows:
1. Servlet
2. ServletRequest
3. ServletResponse
4. RequestDispatcher
5. ServletConfig
6. ServletContext
7. SingleThreadModel
8. Filter
9. FilterConfig
10. FilterChain
11.ServletRequestListener
12. ServletRequestAttributeListener
13. ServletContextListener
14. ServletContextAttributeListener

Classes in javax.servlet package

There are many classes in javax.servlet package. They are as follows:
1. GenericServlet
2. ServletInputStream
3. ServletOutputStream
4. ServletRequestWrapper
5. ServletResponseWrapper
6. ServletRequestEvent
7. ServletContextEvent
8. ServletRequestAttributeEvent
9. ServletContextAttributeEvent
Interfaces in javax.servlet.http package
There are many interfaces in javax.servlet.http package. They are as follows:
1. HttpServletRequest
2. HttpServletResponse
3. HttpSession
4. HttpSessionListener
5. HttpSessionAttributeListener
6. HttpSessionBindingListener
7. HttpSessionActivationListener

Classes in javax.servlet.http package

There are many classes in javax.servlet.http package. They are as follows:
1. HttpServlet
2. Cookie
3. HttpServletRequestWrapper
4. HttpServletResponseWrapper
5. HttpSessionEvent
6. HttpSessionBindingEvent

Methods of Servlet interface

There are 5 methods in Servlet interface. The init, service and destroy are the life cycle methods of
servlet. These are invoked by the web container.
Method Description
initializes the servlet. It is the life cycle method of
public void init(ServletConfig config)
servlet and invoked by the web container only once.
public void service(ServletRequest provides response for the incoming request. It is
request,ServletResponse response) invoked at each request by the web container.
is invoked only once and indicates that servlet is being
public void destroy()
destroyed.
public ServletConfig getServletConfig() returns the object of ServletConfig.
returns information about servlet such as writer,
public String getServletInfo()
copyright, version etc.

Difference between GET and POST method

GET POST
1) In case of Get request, only limited amount of In case of post request, large amount of
data can be sent because data is sent in header. data can be sent because data is sent in body.
2) Get request is not secured because data is Post request is secured because data is not
exposed in URL bar. exposed in URL bar.
3) Get request can be bookmarked Post request cannot be bookmarked
4) Get request is idempotent. It means second
request will be ignored until response of first request Post request is non-idempotent
is delivered.
5) Get request is more efficient and used more than Post request is less efficient and used less
Post than get.

GenericServlet :
It is a class implements Servlet, ServletConfig and Serializable interfaces. It provides the
implementaion of all the methods of these interfaces except the service method.
GenericServlet class can handle any type of request so it is protocol-independent.
You may create a generic servlet by inheriting the GenericServlet class and providing the
implementation of the service method.

Methods of GenericServlet class

There are many methods in GenericServlet class. They are as follows:
1. public void init(ServletConfig config) is used to initialize the servlet.
2. public abstract void service(ServletRequest request, ServletResponse response)
provides service for the incoming request. It is invoked at each time when user requests for a
servlet.
3. public void destroy() is invoked only once throughout the life cycle and indicates that
servlet is being destroyed.
4. public ServletConfig getServletConfig() returns the object of ServletConfig.
5. public String getServletInfo() returns information about servlet such as writer, copyright,
version etc.
6. public void init() it is a convenient method for the servlet programmers, now there is no
need to call super.init(config)
7. public ServletContext getServletContext() returns the object of ServletContext.
8. public String getInitParameter(String name) returns the parameter value for the given
parameter name.
9. public Enumeration getInitParameterNames() returns all the parameters defined in the
web.xml file.
10. public String getServletName() returns the name of the servlet object.
11. public void log(String msg) writes the given message in the servlet log file.
12. public void log(String msg,Throwable t) writes the explanatory message in the servlet log
file and a stack trace.

• import java.io.*;
• import javax.servlet.*;
•
• public class First extends GenericServlet{
• public void service(ServletRequest req,ServletResponse res)
• throws IOException,ServletException{
•
• res.setContentType("text/html");
•
 • PrintWriter out=res.getWriter();
• out.print("<html><body>");
• out.print("<b>hello generic servlet</b>");
• out.print("</body></html>");
•
• }
• }

HttpSrevlet Class:
The HttpServlet class extends the GenericServlet class and implements Serializable interface. It
provides http specific methods such as doGet, doPost, doHead, doTrace et

Methods of HttpServlet class

There are many methods in HttpServlet class. They are as follows:
1. public void service(ServletRequest req,ServletResponse res) dispatches the request to the
protected service method by converting the request and response object into http type.
2. protected void service(HttpServletRequest req, HttpServletResponse res) receives the
request from the service method, and dispatches the request to the doXXX() method
depending on the incoming http request type.
3. protected void doGet(HttpServletRequest req, HttpServletResponse res) handles the
GET request. It is invoked by the web container.
4. protected void doPost(HttpServletRequest req, HttpServletResponse res) handles the
POST request. It is invoked by the web container.

\\Session Id
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpSession;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SessionId extends HttpServlet

{
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws IOException, ServletException
{
res.setContentType("text/html");
PrintWriter pw = res.getWriter();
HttpSession ssn = req.getSession();
if(ssn != null){
pw.println("Your session Id is : ");
String ssnId = ssn.getId();
pw.println(ssnId);
}
else
{
pw.println("Your session is not created yet");
}
}
}

SendRedirect in servlet
The sendRedirect() method of HttpServletResponse interface can be used to redirect response to
another resource, it may be servlet, jsp or html file.
It accepts relative as well as absolute URL.
It works at client side because it uses the url bar of the browser to make another request. So, it can
work inside and outside the server.

forward() method sendRedirect() method

The sendRedirect() method works at
The forward() method works at server side.
client side.
It sends the same request and response objects to another
It always sends a new request.
servlet.
It can be used within and outside the
It can work within the server only.
server.
Example:
Example:
request.getRequestDispacher("servlet2").forward(request,r
response.sendRedirect("servlet2");
esponse);

Import java.io.*;
• import javax.servlet.*;
• import javax.servlet.http.*;

• public class DemoServlet extends HttpServlet{

• public void doGet(HttpServletRequest req,HttpServletResponse res)
• throws ServletException,IOException
• {
• res.setContentType("text/html");
• PrintWriter pw=res.getWriter();
• response.sendRedirect("http://www.google.com");

• pw.close();
• }}

Session Tracking:
Session simply means a particular interval of time.
Session Tracking is a way to maintain state (data) of an user. It is also known as session
management in servlet.
Http protocol is a stateless so we need to maintain state using session tracking techniques. Each
time user requests to the server, server treats the request as the new request. So we need to maintain
the state of an user to recognize to particular user.
HTTP is stateless that means each request is considered as the new request. It is shown in the figure
given below

public interface HttpSession :

Provides a way to identify a user across more than one page request or visit to a Web site and to
store information about that user.
The servlet container uses this interface to create a session between an HTTP client and an HTTP
server. The session persists for a specified time period, across more than one connection or page
request from the user. A session usually corresponds to one user, who may visit a site many times.
The server can maintain a session in many ways such as using cookies or rewriting URLs.
This interface allows servlets to
• View and manipulate information about a session, such as the session identifier, creation
time, and last accessed time
• Bind objects to sessions, allowing user information to persist across multiple user
connections

Method Description
public HttpSession getSession() Will cause one session to be created.
public HttpSession getSession(boolean) true = will cause one to be created;
false = will return null (no session)
public String getRequestedSessionId() Gets the ID assigned by the server to the session
public Boolean isRequestedSessionIdValid() Returns true if the request contains a valid session
ID
public Boolean Returns true if the session ID was sent as part of a
isRequestedSessionIdFromCookie() cookie
public Boolean Returns true if the session ID was sent through
isRequestedSessionIdFromURL() URL rewriting
Cookie:

Cookies in Servlet
A cookie is a small piece of information that is persisted between the multiple client requests.
A cookie has a name, a single value, and optional attributes such as a comment, path and domain
qualifiers, a maximum age, and a version number.

How Cookie works

By default, each request is considered as a new request. In cookies technique, we add cookie with
response from the servlet. So cookie is stored in the cache of the browser. After that if request is
sent by the user, cookie is added with request by default. Thus, we recognize the user as the old
user.

Types of Cookie
There are 2 types of cookies in servlets.
1. Non-persistent cookie
2. Persistent cookie

Non-persistent cookie
It is valid for single session only. It is removed each time when user closes the browser.

Persistent cookie
It is valid for multiple session . It is not removed each time when user closes the browser. It is
removed only if user logout or signout.

Advantage of Cookies
1. Simplest technique of maintaining the state.
2. Cookies are maintained at client side.
Disadvantage of Cookies
1. It will not work if cookie is disabled from the browser.
2. Only textual information can be set in Cookie object.

Constructor of Cookie class

Constructor Description
Cookie() constructs a cookie.
Cookie(String name, String value) constructs a cookie with a specified name and value.

Useful Methods of Cookie class

There are given some commonly used methods of the Cookie class.
Method Description
public void setMaxAge(int
Sets the maximum age of the cookie in seconds.
expiry)
Returns the name of the cookie. The name cannot be changed after
public String getName()
creation.
public String getValue() Returns the value of the cookie.
public void setName(String
changes the name of the cookie.
name)
public void setValue(String
changes the value of the cookie.
value)

Other methods required for using Cookies

For adding cookie or getting the value from the cookie, we need some methods provided by other
interfaces. They are:

1. public void addCookie(Cookie ck):method of HttpServletResponse interface is used to

add cookie in response object.
2. public Cookie[] getCookies():method of HttpServletRequest interface is used to return all
the cookies from the browser.

How to create Cookie?

Let's see the simple code to create cookie.
1. Cookie ck=new Cookie("user","sonoo jaiswal");//creating cookie object
2. response.addCookie(ck);//adding cookie in the response
How to delete Cookie?
Let's see the simple code to delete cookie. It is mainly used to logout or signout the user.
1. Cookie ck=new Cookie("user","");//deleting value of cookie
2. ck.setMaxAge(0);//changing the maximum age to 0 seconds
3. response.addCookie(ck);//adding cookie in the response

How to get Cookies?

Let's see the simple code to get all the cookies.
1. Cookie ck[]=request.getCookies();
2. for(int i=0;i<ck.length;i++){
3. out.print("<br>"+ck[i].getName()+""+ck[i].getValue());//printing name and value of cookie
4. }
JSP:
JSP technology is used to create web application just like Servlet technology. It can be thought of as
an extension to servlet because it provides more functionality than servlet such as expression
language, jstl etc.
A JSP page consists of HTML tags and JSP tags. The jsp pages are easier to maintain than servlet
because we can separate designing and development. It provides some additional features such as
Expression Language, Custom Tag etc.

Advantage of JSP over Servlet

There are many advantages of JSP over servlet. They are as follows:

1) Extension to Servlet
JSP technology is the extension to servlet technology. We can use all the features of servlet in JSP.
In addition to, we can use implicit objects, predefined tags, expression language and Custom tags in
JSP, that makes JSP development easy.

2) Easy to maintain
JSP can be easily managed because we can easily separate our business logic with presentation
logic. In servlet technology, we mix our business logic with the presentation logic.

3) Fast Development: No need to recompile and redeploy

If JSP page is modified, we don't need to recompile and redeploy the project. The servlet code needs
to be updated and recompiled if we have to change the look and feel of the application.

4) Less code than Servlet

In JSP, we can use a lot of tags such as action tags, jstl, custom tags etc. that reduces the code.
Moreover, we can use EL, implicit objects etc.

JSP Life Cycle:

The JSP pages follows these phases:

• Translation of JSP Page

• Compilation of JSP Page
• Classloading (class file is loaded by the classloader)
• Instantiation (Object of the Generated Servlet is created).
• Initialization ( jspInit() method is invoked by the container).
• Reqeust processing ( _jspService() method is invoked by the container).
• Destroy ( jspDestroy() method is invoked by the container).
As depicted in the above diagram, JSP page is translated into servlet by the help of JSP translator.
The JSP translator is a part of webserver that is responsible to translate the JSP page into servlet.
Afterthat Servlet page is compiled by the compiler and gets converted into the class file. Moreover,
all the processes that happens in servlet is performed on JSP later like initialization, committing
response to the browser and destroy.

JSP expression tag

The code placed within JSP expression tag is written to the output stream of the response. So you
need not write out.print() to write data. It is mainly used to print the values of variable or method.
Syntax of JSP expression tag

1. <%=statement%>

Example of JSP expression tag

In this example of jsp expression tag, we are simply displaying a welcome message.
1. <html>
2. <body>
3. <%="welcome to jsp" %>
4. </body>
5. </html>
The JSP declaration tag is used to declare fields and methods.
The code written inside the jsp declaration tag is placed outside the service() method of auto
generated servlet.
So it doesn't get memory at each request.

Example of JSP expression tag that prints current time

To display the current time, we have used the getTime() method of Calendar class. The getTime() is
an instance method of Calendar class, so we have called it after getting the instance of Calendar
class by the getInstance() method.
index.jsp
1. <html>
2. <body>
3. Current Time: <%= java.util.Calendar.getInstance().getTime() %>
4. </body>
5. </html>

Example of JSP expression tag that prints the user name

In this example, we are printing the username using the expression tag. The index.html file gets the
username and sends the request to the welcome.jsp file, which displays the username.
File: index.jsp
1. <html>
2. <body>
3. <form action="welcome.jsp">
4. <input type="text" name="uname"><br/>
5. <input type="submit" value="go">
6. </form>
7. </body>
8. </html>
File: welcome.jsp
1. <html>
2. <body>
3. <%= "Welcome "+request.getParameter("uname") %>
4. </body>
5. </html>

Example of JSP declaration tag that declares field

In this example of JSP declaration tag, we are declaring the field and printing the value of the
declared field using the jsp expression tag.

index.jsp
1. <html>
2. <body>
3. <%! int data=50; %>
4. <%= "Value of the variable is:"+data %>
 5. </body>
6. </html>

Example of JSP declaration tag that declares method :

In this example of JSP declaration tag, we are defining the method which returns the cube of given
number and calling this method from the jsp expression tag. But we can also use jsp scriptlet tag to
call the declared method.

index.jsp
1. <html>
2. <body>
3. <%!
4. int cube(int n){
5. return n*n*n*;
6. }
7. %>
8. <%= "Cube of 3 is:"+cube(3) %>
9. </body>
10. </html>

Expression of variables

In this example we have initialized few variables and passed the expression of variables in the
expression tag for result evaluation.
<html>
<head>
<title>JSP expression tag example2</title>
</head>
<body>
<%
int a=10;
int b=20;
int c=30;
%>
<%= a+b+c %>
</body>
</html>
JSP directives
The jsp directives are messages that tells the web container how to translate a JSP page into

the corresponding servlet. There are three types of

directives:
• page directive
• include directive
• taglib directive

Syntax of JSP Directive

1. <%@ directive attribute="value" %>

JSP page directive

The page directive defines attributes that apply to an entire JSP page.

Syntax of JSP page directive

1. <%@ page attribute="value" %>

Attributes of JSP page directive

• import
• contentType
• extends
• info
• buffer
• language
• isELIgnored
• isThreadSafe
• autoFlush
• session
• pageEncoding
• errorPage
• isErrorPage

1) import
The import attribute is used to import class,interface or all the members of a package.It is similar to
import keyword in java class or interface.
Example of import attribute
1. <html>
2. <body>
3.
4. <%@ page import="java.util.Date" %>
5. Today is: <%= new Date() %>
6.
7. </body>
8. </html>

2) contentType
The contentType attribute defines the MIME(Multipurpose Internet Mail Extension) type of the
HTTP response.The default value is "text/html;charset=ISO-8859-1".

Example of contentType attribute

1. <html>
2. <body>
3.
4. <%@ page contentType=application/msword %>
5. </body>
6. </html>

3) extends
The extends attribute defines the parent class that will be inherited by the generated servlet.It is
rarely used.

4) info
This attribute simply sets the information of the JSP page which is retrieved later by using
getServletInfo() method of Servlet interface.

Example of info attribute

1. <html>
2. <body>
3.
4. <%@ page info="composed by Sonoo Jaiswal" %>
5. </body>
6. </html>
The web container will create a method getServletInfo() in the resulting servlet.For example:
1. public String getServletInfo() {
2. return "composed by Sonoo Jaiswal";
3. }
5) buffer
The buffer attribute sets the buffer size in kilobytes to handle output generated by the JSP page.The
default size of the buffer is 8Kb.

Example of buffer attribute

1. <html>
2. <body>
3.
4. <%@ page buffer="16kb" %>
5. </body>
6. </html>

JSP Declaration Tag example

Declaration Tag Example

<%!
String name = "Mark";
String date = "28th April, 2004";
%>

<HTML>
<TITLE>Declaration Tag Example</TITLE>

<BODY>
This page was last modified on <%= date %> by <%= name %>.
</BODY>
</HTML>

JSTL:
The JavaServer Pages Standard Tag Library (JSTL) is a collection of useful JSP tags which
encapsulates core functionality common to many JSP applications.

JSTL has support for common, structural tasks such as iteration and conditionals, tags for
manipulating XML documents, internationalization tags, and SQL tags. It also provides a
framework for integrating existing custom tags with JSTL tags.
The JSTL tags can be classified, according to their functions, into following JSTL tag library groups
that can be used when creating a JSP page:
• Core Tags
• Formatting tags
• SQL tags
• XML tags
• JSTL Functions

Core Tags:
The core group of tags are the most frequently used JSTL tags. Following is the syntax to include
JSTL Core library in your JSP:
<%@ taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core" %>

There are following Core JSTL Tags:

Tag Description
<c:out > Like <%= ... >, but for expressions.
<c:set > Sets the result of an expression evaluation in a 'scope'
<c:remove > Removes a scoped variable (from a particular scope, if specified).
<c:catch> Catches any Throwable that occurs in its body and optionally exposes it.
<c:if> Simple conditional tag which evalutes its body if the supplied condition is true.
Simple conditional tag that establishes a context for mutually exclusive conditional
<c:choose>
operations, marked by <when> and <otherwise>
<c:when> Subtag of <choose> that includes its body if its condition evalutes to 'true'.
<c:otherwise Subtag of <choose> that follows <when> tags and runs only if all of the prior
> conditions evaluated to 'false'.
Retrieves an absolute or relative URL and exposes its contents to either the page, a
<c:import>
String in 'var', or a Reader in 'varReader'.
The basic iteration tag, accepting many different collection types and supporting
<c:forEach >
subsetting and other functionality .
<c:forTokens
Iterates over tokens, separated by the supplied delimeters.
>
<c:param> Adds a parameter to a containing 'import' tag's URL.
<c:redirect > Redirects to a new URL.
<c:url> Creates a URL with optional query parameters

Formatting tags:
The JSTL formatting tags are used to format and display text, the date, the time, and numbers for
internationalized Web sites. Following is the syntax to include Formatting library in your JSP:
<%@ taglib prefix="fmt"
uri="http://java.sun.com/jsp/jstl/fmt" %>
Following is the list of Formatting JSTL Tags:
Tag Description
<fmt:formatNumber> To render numerical value with specific precision or format.
<fmt:parseNumber> Parses the string representation of a number, currency, or percentage.
<fmt:formatDate> Formats a date and/or time using the supplied styles and pattern
<fmt:parseDate> Parses the string representation of a date and/or time
<fmt:bundle> Loads a resource bundle to be used by its tag body.
<fmt:setLocale> Stores the given locale in the locale configuration variable.
Loads a resource bundle and stores it in the named scoped variable or the
<fmt:setBundle>
bundle configuration variable.
Specifies the time zone for any time formatting or parsing actions nested in
<fmt:timeZone>
its body.
<fmt:setTimeZone> Stores the given time zone in the time zone configuration variable
<fmt:message> To display an internationalized message.
<fmt:requestEncodin
Sets the request character encoding
g>

SQL tags:
The JSTL SQL tag library provides tags for interacting with relational databases (RDBMSs) such as
Oracle, mySQL, or Microsoft SQL Server.
Following is the syntax to include JSTL SQL library in your JSP:
<%@ taglib prefix="sql"
uri="http://java.sun.com/jsp/jstl/sql" %>

Following is the list of SQL JSTL Tags:

Tag Description
<sql:setDataSourc
Creates a simple DataSource suitable only for prototyping
e>
<sql:query> Executes the SQL query defined in its body or through the sql attribute.
<sql:update> Executes the SQL update defined in its body or through the sql attribute.
<sql:param> Sets a parameter in an SQL statement to the specified value.
<sql:dateParam> Sets a parameter in an SQL statement to the specified java.util.Date value.
Provides nested database action elements with a shared Connection, set up to
<sql:transaction >
execute all statements as one transaction.

TLD
1. It is Tag library descriptor

2. All files stored with .tld extension

3. It is a XML file
4. We can create custom tags in TLD

5. It validates the functionality of the tags

6. Tag describes the page information.

Java Security
As java is internet language so we need security for it.

Import java.security is the package in which it contains number of classes related to security
and Guard.

1.Permission class
Permission class is used to give the permissions to the standard code.

Permission class extends serializable and Guard interface

Syntax:

public class Permission implements Serializable, Guard

Subclasses of Permission class as follows:

AllPermission

FilePermission

unResolvedPermission
Policy class
Policy class is used to run the code in run environment or not.

Syntax:

public class Policy extnds Object

Methods of Policy class:

void setPolicy()

String getPolicy()