This week covers advanced aspects of webapp development. They include declarative security, filters and dynamic scheduling, listeners and the webapp life-cycle, and design patterns.

• Why: Authentication and encryption without programming.
• What: Designate pages that must be secured.
• How: Define roles and users in conf/tomcat-users.xml; select the needed security and the URLs to secure in web.xml.
• Example: add a login to an existing webapp

• Why: Refactor the webapp without recompiling
• What: Intercept the flow anywhere between the client, the servlets, and the JSPs on the way in or out.
• How: Designate the interception points in web.xml; implement Filter; read and optionally modify the request or response; continue down the pipeline or abort.
• Example: add a new validation; support a new protocol; log; compress; etc.

• Why: Monitor data structures globally and take actions
• What: Get notified when the context and/or the session is created or destroyed and when any attribute in it is changed, added, or removed.
• How: Write a listener that implements one of 4 interfaces and register it in web.xml.
• Example: detect and log certain session features; start a back-office order application based on committed baskets; track sessions in an admin webapp; etc.

• See the web_security.xml file in the Resource Directory under jee.
• See the web_filter.xml file and PrimeFilter.java“ in the Resource Directory under jee. * See the web_listener.xml file and HotNumbers.java” in the Resource Directory under jee.
• Use the Servlet-Spec file in the Resource Directory as a reference for these advanced features.