====== Advanced Servlets ======

This week covers advanced aspects of webapp development. They include declarative security, filters and dynamic scheduling, listeners and the webapp life-cycle, and design patterns.

===== Declarative Security =====

  * Why: Authentication and encryption without programming.
  * What: Designate pages that must be secured.
  * How: Define roles and users in conf/tomcat-users.xml; select the needed security and the URLs to secure in web.xml.
  * Example: add a login to an existing webapp
  
===== Filters =====

  * Why: Refactor the webapp without recompiling
  * What: Intercept the flow anywhere between the client, the servlets, and the JSPs on the way in or out.
  * How: Designate the interception points in web.xml; implement //Filter//; read and optionally modify the request or response; continue down the pipeline or abort.
  * Example: add a new validation; support a new protocol; log; compress; etc.

===== Event Listeners =====

  * Why: Monitor data structures globally and take actions
  * What: Get notified when the context and/or the session is created or destroyed and when any attribute in it is changed, added, or removed.
  * How: Write a listener that implements one of 4 interfaces and register it in web.xml.
  * Example: detect and log certain session features; start a back-office order application based on committed baskets; track sessions in an admin webapp; etc.



===== To Do =====

  * See the //web_security.xml// file in the //Resource Directory// under //jee//.
  * See the //web_filter.xml// file and //PrimeFilter.java" in the //Resource Directory// under //jee//.
  * See the //web_listener.xml// file and //HotNumbers.java" in the //Resource Directory// under //jee//.
  * Use the Servlet-Spec file in the //Resource Directory// as a reference for these advanced features.