request.getCookies()
request.getAttributes()
request.getSession().getCookies()
Business Delegate and Transfer Object
Business Delegate and Service Locator
Front Controller and Business Delegate
Intercepting Filter and Transfer Object
Transfer Object
Service Locator
<c:out>${message}</c:out>
<c:out value='${message}' />
<c:out value='${message}' escapeXml='true' />
<c:out eliminateXml='true'>${message}</c:out>
Classic tag handlers and tag files CANNOT reside in the same tag library.
A file named foo.tag, located in /WEB-INF/tags/bar, is recognized as a tag file by the container.
A file named foo.tag, bundled in a JAR file but NOT defined in a TLD, triggers a container translation error.
A file named foo.tag, located in a web application's root directory, is recognized as a tag file by the container.
A developer has used this code within a servlet:
62. if(request.isUserInRole("vip")) {
63. // VIP-related logic here
64. }
create a user called vip in the security realm
define a group within the security realm and call it vip
define a security-role named vip in the deployment descriptor
<%! int i; %>
<%= int i; %>
<jsp:expr>int i;</jsp:expr>
<jsp:scriptlet>int i;</jsp:scriptlet>
Given this fragment in a servlet:
23. if(req.isUserInRole("Admin")) {
24. // do stuff
25. }
And the following fragment from the related Java EE deployment descriptor:
812. <security-role-ref>
813. <role-name>Admin</role-name>
814. <role-link>Administrator</role-link>
815. </security-role-ref>
900. <security-role>
901. <role-name>Admin</role-name>
902. <role-name>Administrator</role-name>
903. </security-role>
Line 24 can never be reached.
The deployment descriptor is NOT valid.
If line 24 executes, the user's role will be Admin.
If line 24 executes, the user's role will be Administrator.
You are developing several tag libraries that will be sold for development of third-party web applications. You are about to publish the first three libraries as JAR files: container-tags.jar, advanced-html-form-tags.jar, and basic-html-form-tags.jar. Which two techniques are appropriate for packaging the TLD files for these tag libraries? (Choose two.)
The TLD must be located within the WEB-INF directory of the JAR file.
The TLD must be located within the META-INF directory of the JAR file.
The TLD must be located within the META-INF/tld/ directory of the JAR file.
The TLD must be located within a subdirectory of WEB-INF directory of the JAR file.
The TLD must be located within a subdirectory of META-INF directory of the JAR file.
To manage the user's login and logout activities.
To store information on the client-side between HTTP requests.
To store information on the server-side between HTTP requests.
Squeaky Beans Inc. hired an outside consultant to develop their web application. To finish the job quickly, the consultant created several dozen JSP pages that directly communicate with the database. The Squeaky business team has since purchased a set of business objects to model their system, and the Squeaky developer charged with maintaining the web application must now refactor all the JSPs to work with the new system. Which pattern can the developer use to solve this problem?
javax.servlet.http.HttpSessionListener
javax.servlet.http.HttpSessionValueListener
javax.servlet.http.HttpSessionBindingListener
Given the two security constraints in a deployment descriptor:
101. <security-constraint>
102. <!--a correct url-pattern and http-method goes here-->
103. <auth-constraint>
104. <role-name>SALES</role-name>
105. </auth-constraint>
106. </security-constraint>
107. <security-constraint>
108. <!--a correct url-pattern and http-method goes here-->
109. <!-- Insert an auth-constraint here -->
110. </security-constraint>
<auth-constraint/>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<role-name>ANY</role-name>
<role-name>MARKETING</role-name>
<jsp:declaration>
int count = 0;
<%! int count = 0; %>
<jsp:declaration.instance>
<jsp:scriptlet.declaration>
Given:
5. public class MyTagHandler extends TagSupport {
6. public int doStartTag() throws JspException {
7. try {
8. // insert code here
9. } catch(Exception ex) { /* handle exception */ }
10. return super.doStartTag();
11. }
...
42. }
Which code snippet, inserted at line 8, causes the value foo to be output?
JspWriter w = pageContext.getOut();
w.print("foo");
JspWriter w = pageContext.getWriter();
JspWriter w = new JspWriter(pageContext.getWriter());
JspWriter w = new JspWriter(pageContext.getResponse());
http://com.example/myServlet.jsp?num=one&num=two&num=three
${param.num[0],[1] and [2]}
${paramValues[0],[1] and [2]}
${param.num[0]}, ${param.num[1]} and ${param.num[2]}
${paramValues["num"][0]}, ${paramValues["num"][1]} and ${paramValues["num"][2]}
${parameterValues.num[0]}, ${parameterValues.num[1]} and ${parameterValues.num[2]}
A developer is designing a web application which extensively uses EJBs and JMS. The developer finds that there is a lot of duplicated code to build the JNDI contexts to access the beans and queues. Further, because of the complexity, there are numerous errors in the code.
Command
The developer must ensure that every URL is properly encoded using the appropriate URL rewriting APIs.
The developer must provide an alternate mechanism for managing sessions and abandon the HttpSession mechanism entirely.
The developer can ignore this issue. Web containers are required to support automatic URL rewriting when cookies are not supported.
Assume the custom tag my:errorProne always throws a java.lang.RuntimeException with the message "File not found."
An error page has been configured for this JSP page.
<c:try catch="ex">
<my:errorProne />
</c:try>
${ex.message}
<c:catch var="ex">
</c:catch>
<c:try>
<c:catch var="ex" />
<my:errorProne>
</my:errorProne>
Your web application requires the ability to load and remove web files dynamically to the web container's file system. Which two HTTP methods are used to perform these actions? (Choose two.)
It can be invoked only from the doGet or doPost methods.
It can be used independently of the getRemoteUser method.
It can return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor.
Using the isUserInRole method overrides any declarative authentication related to the method in which it is invoked.
ServletResponse.encodeURL
HttpServletResponse.encodeURL
ServletResponse.encodeRedirectURL
HTTP Basic Authentication
Given that a scoped attribute cart exists only in a user's session, which two, taken independently, ensure the scoped attribute cart no longer exists? (Choose two.)
${cart = null}
<c:remove var="cart" />
<c:remove var="${cart}" />
<c:remove var="cart" scope="session" />
<c:remove scope="session">cart</c:remove>
<c:remove var="${cart}" scope="session" />
You are creating a content management system (CMS) with a web application front-end. The JSP that displays a given document in the CMS has the following general structure:
1. <%-- tag declaration --%>
2. <t:document>
11. <t:paragraph>... <t:citation docID='xyz' /> ...</t:paragraph>
99. </t:document>
The citation tag must store information in the document tag for the document tag to generate a reference section at the end of the generated web page. The document tag handler follows the Classic tag model and the citation tag handler follows the Simple tag model. Furthermore, the citation tag could also be embedded in other custom tags that could have either the Classic or Simple tag handler model.
public void doTag() {
JspTag docTag = findAncestorWithClass(this, DocumentTag.class);
((DocumentTag)docTag).addCitation(this.docID);
}
public void doStartTag() {
Tag docTag = findAncestor(this, DocumentTag.class);
You are creating a new JSP page and you need to execute some code that acts when the page is first executed, but only once. Which three are possible mechanisms for performing this initialization code? (Choose three.)
In the init method.
In the jspInit method.
In the constructor of the JSP's Java code.
In a JSP declaration, which includes an initializer block.
The tl:taskList and tl:task tags output a set of tasks to the response and are used as follows:
11. <tl:taskList>
12. <tl:task name="Mow the lawn" />
13. <tl:task name="Feed the dog" />
14. <tl:task name="Do the laundry" />
15. </tl:taskList>
The tl:task tag supplies information about a single task while the tl:taskList tag does the final output. The tag handler for tl:taskList is TaskListTag. The tag handler for tl:task is TaskTag. Both tag handlers extend BodyTagSupport.
It is impossible for a tag handler that extends BodyTagSupport to communicate with its parent and child tags.
In the TaskListTag.doStartTag method, call super.getChildTags() and iterate through the results. Cast each result to a TaskTag and call getName().
In the TaskListTag.doStartTag method, call getChildTags() on the PageContext and iterate through the results.
Create an addTaskName method in TaskListTag. Have the TaskListTag.doStartTag method return BodyTag.EVAL_BODY_BUFFERED. In the TaskTag.doStartTag method, call super.getParent(), cast it to a TaskListTag, and call addTaskName().
BodyTag.EVAL_BODY_BUFFERED. In the TaskTag.doStartTag method, call findAncestorWithClass() on the PageContext, passing TaskListTag as the class to find. Cast the result to TaskListTag and call addTaskName().
Which two are characteristics of the Transfer Object design pattern? (Choose two.)
It reduces network traffic by collapsing multiple remote requests into one.
It increases the complexity of the remote interface by removing coarse-grained methods.
It increases the complexity of the design due to remote synchronization and version control issues.
long customerOID = 47L;
session.setAttribute("customerOID", new Long(customerOID));
session.setLongAttribute("customerOID", new Long(customerOID));
session.setAttribute("customerOID", customerOID);
session.setNumericAttribute("customerOID", new Long(customerOID));
session.setLongAttribute("customerOID", customerOID);
Facade
View Helper
Intercepting Filter
Add attributes to the session object.
Add attributes on the request object.
Add parameters to the request object.
Use the pageContext object to add request attributes.
Form-based logins should NOT be used with HTTPS.
When using Basic Authentication the target server is NOT authenticated.
J2EE compliant web containers are NOT required to support the HTTPS protocol.
Web containers are required to support unauthenticated access to unprotected web resources.
Given a header in an HTTP request: X-Retries: 4
Which two retrieve the value of the header from a given HttpServletRequest request? (Choose two.)
request.getHeader("X-Retries")
request.getIntHeader("X-Retries")
request.getRequestHeader("X-Retries")
request.getHeaders("X-Retries").get(0)
Given an EL function declared with:
11. <function>
12. <name>spin</name>
13. <function-class>com.example.Spinner</function-class>
14. <function-signature>
15. java.lang.String spinIt()
16. </function-signature>
17. </function>
The function method must have the signature:
public String spin().
The method must be mapped to the logical name "spin" in the web.xml file.
public String spinIt().
The function method must have the signature
public static String spin().
public static String spinIt().
As a convenience feature, your web pages include an Ajax request every five minutes to a special servlet that monitors the age of the user's session. The client-side JavaScript that handles the Ajax callback displays a message on the screen as the session ages. The Ajax call does NOT pass any cookies, but it passes the session ID in a request parameter called sessionID. In addition, assume that your webapp keeps a hashmap of session objects by the ID. Here is a partial implementation of this servlet:
10. public class SessionAgeServlet extends HttpServlet {
11. public void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
12. String sessionID = request.getParameter("sessionID");
13. HttpSession session = getSession(sessionID);
14. long age = // your code here
15. response.getWriter().print(age);
16. }
... // more code here
47. }
session.getMaxInactiveInterval();
session.getLastAccessed().getTime() - session.getCreationTime().getTime();
session.getLastAccessedTime().getTime() - session.getCreationTime().getTime();
session.getLastAccessed() - session.getCreationTime();
session.getMaxInactiveInterval() - session.getCreationTime();
A developer has created a special servlet that is responsible for generating XML content that is sent to a data warehousing subsystem. This subsystem uses HTTP to request these large data files, which are compressed by the servlet to save internal network bandwidth. The developer has received a request from management to create several more of these data warehousing servlets. The developer is about to copy and paste the compression code into each new servlet. Which design pattern can consolidate this compression code to be used by all of the data warehousing servlets?
Façade
You want to create a valid directory structure for your Java EE web application, and your application uses tag files and a JAR file. Which three must be located directly in your WEB-INF directory (NOT in a subdirectory of WEB-INF)? (Choose three.)
The JAR file
A directory called lib
A directory called tags
A directory called TLDs
A directory called classes
session.setNumericAttribute("customerOID", customerOID);
Message: <b>${exception.message}</b>
Message: <b>${exception.errorMessage}</b>
Message: <b>${request.exception.message}</b>
Message: <b>${pageContext.exception.message}</b>
Message: <b>${request.exception.errorMessage}</b>
javax.servlet.http.HttpSessionAttributeListener
Given the element from the web application deployment descriptor:
<jsp-property-group>
<url-pattern>/main/page1.jsp</url-pattern>
<scripting-invalid>true</scripting-invalid>
</jsp-property-group>
and given that /main/page1.jsp contains:
<% int i = 12; %>
<b><%= i %></b>
What is the result?
<b></b>
<b>12</b>
The JSP fails to execute.
<% int i = 12 %>
The Squeaky Beans Inc. shopping application was initially developed for a non-distributed environment. The company recently purchased the Acme Application Server, which supports distributed HttpSession objects. When deploying the application to the server, the deployer marks it as distributable in the web application deployment descriptor to take advantage of this feature.
The J2EE web container must support migration of objects that implement Serializable.
The J2EE web container must use the native JVM Serialization mechanism for distributing HttpSession objects.
As per the specification, the J2EE web container ensures that distributed HttpSession objects will be stored in a database.
Your deployment descriptor will need to contain this tag:
<auth-method>CUSTOM</auth-method>.
The related custom HTML login page must be named loginPage.html.
When you use this type of authentication, SSL is turned on automatically.
You must have a tag in your deployment descriptor that allows you to point to both a login HTML page and an HTML page for handling any login errors.
<a href='<c:url url="foo.jsp"/>' />
<a href='<c:link url="foo.jsp"/>' />
<a href='<c:url value="foo.jsp"/>' />
You need to retrieve the username cookie from an HTTP request. If this cookie does NOT exist, then the c variable will be null.
10. Cookie c = request.getCookie("username");
10. Cookie c = null;
11. for ( Iterator i = request.getCookies();
12. i.hasNext(); ) {
13. Cookie o = (Cookie) i.next();
14. if ( o.getName().equals("username") ) {
15. c = o;
16. break;
17. }
18. }
11. for ( Enumeration e = request.getCookies();
12. e.hasMoreElements(); ) {
13. Cookie o = (Cookie) e.nextElement();
11. Cookie[] cookies = request.getCookies();
12. for ( int i = 0; i < cookies.length; i++ ) {
13. if ( cookies[i].getName().equals("username") ) {
14. c = cookies[i];
15. break;
Given the security constraint in a DD:
102. <web-resource-collection>
103. <web-resource-name>Foo</web-resource-name>
104. <url-pattern>/Bar/Baz/*</url-pattern>
105. <http-method>POST</http-method>
106. </web-resource-collection>
107. <auth-constraint>
108. <role-name>DEVELOPER</role-name>
109. </auth-constraint>
MANAGER can do a GET on resources in the /Bar/Baz directory.
MANAGER can do a POST on any resource in the /Bar/Baz directory.
MANAGER can do a TRACE on any resource in the /Bar/Baz directory.
DEVELOPER can do a GET on resources in the /Bar/Baz directory.
DEVELOPER can do only a POST on resources in the /Bar/Baz directory.
<!-- this is a comment -->
<% // this is a comment %>
<%-- this is a comment --%>