This week covers advanced aspects of webapp development. They include declarative security, filters and dynamic scheduling, listeners and the webapp life-cycle, and design patterns.
Declarative Security
Why: Authentication and encryption without programming.
What: Designate pages that must be secured.
How: Define roles and users in conf/tomcat-users.xml; select the needed security and the URLs to secure in web.xml.
Example: add a login to an existing webapp
Filters
Why: Refactor the webapp without recompiling
What: Intercept the flow anywhere between the client, the servlets, and the JSPs on the way in or out.
How: Designate the interception points in web.xml; implement Filter; read and optionally modify the request or response; continue down the pipeline or abort.
Example: add a new validation; support a new protocol; log; compress; etc.
Event Listeners
Why: Monitor data structures globally and take actions
What: Get notified when the context and/or the session is created or destroyed and when any attribute in it is changed, added, or removed.
How: Write a listener that implements one of 4 interfaces and register it in web.xml.
Example: detect and log certain session features; start a back-office order application based on committed baskets; track sessions in an admin webapp; etc.
To Do
See the web_security.xml file in the Resource Directory under jee.
See the web_filter.xml file and PrimeFilter.java in the Resource Directory under jee.
See the web_listener.xml file and HotNumbers.java in the Resource Directory under jee.
Use the Servlet-Spec file in the Resource Directory as a reference for these advanced features.