|
Key
This line was removed.
This word was removed. This word was added.
This line was added.
|
Comment:
Changes (0)
View page history... h1. Servlets & JSP Job Task Analysis *{_}Please review this Job Task Analysis and provide input by adding your comments to this wiki. Please also complete the short survey at: _* *_[Servlets & JSP Survey|http://www.surveymonkey.com/s.aspx?sm=c1L9BkcoTA1h_2bu0kXBBKiA_3d_3d]_* h2. Web Application Developer h3. Job Description SCJWAD targets application developers required to build internal and external user driven web application with Java Web technologies. h3. Responsibilities * Develop web applications and architectures using standards and protocols * Design and implement views using JSTL, and JSPs * Identify, design, develop and integrate entities * Perform request and response processing * Processing * Manage user and application state data throughout the interaction lifecycle * Validate application data * Integrate resources/JPA * Identify, capture and resolve errors * Determine and implement application navigation flow * Test, package and deploy applications ** Configure Web application for deployment ** Identify and organize artifacts and dependencies ** Identify, develop test cases and test suites * Identify and implement a security model * Identify and integrate 3rd party components and frameworks. h3. Core Skills !webappjta02.png! h3. Scenario 2 (Internal CSR Application using JSP/Servlet) * Define custom tag library * Design views for components * Map view to model * Manage state data (model-lifecycle) * Define/design/develop conf-based/connection-based flow * Validate data using JavaBeans and custom tag libraries * Design architecture * Design/Develop controllers * Configure servlet * Define/Develop models * Integrate JavaScript into View * Define/Develop views * Integrate Models and views * Integrate resources/JPA * Integrate validations * Integrate navigation flow/ redirection * Integrate Security * Tests * Packages application for deployment * Deploys application h3. Role {color:green}Gap: Undefined.{color} h3. Validity * Java EE 5 - Yes * Java EE 6 - No h4. Notes * Nothing that examines HTML or CSS. * REST Web Services h4. Task 1: Design web applications using standard architectures, protocols, technologies, and components # Identify the key technologies, standards, protocols, and components used to build a Java-based web application # Given a design, correctly identify which Java EE technologies would be applicable to implement the design # Identify the difference between a web container and a web server in the relation to servlets and JSP development # Describe the characteristics of HTTP-based communication and how it effects web application development # For each of the HTTP Methods (such as GET, POST, HEAD, and so on) describe the purpose of the method and the technical characteristics of the HTTP Method protocol, list triggers that might cause a Client (usually a Web browser) to use the method # Design the components of a model-view-controller architecture and their implementation technologies h4. Task 2: Design views using JSP and JSTL # Identify the role and correctly describe the design of JSP and JSTL in a model-view-controller architecture # Describe the purpose and event sequence of the JSP page life cycle: ## JSP page translation ## JSP page compilation ## load class ## create instance ## call the jspInit method ## call the \_jspService method ## call the jspDestroy method. # Create sketches of the user interface and application navigation flow ## From the functional design, derive a collection of web pages sketches that expose the business logic ## Determine which entity (model) components each page has a dependency on ## Look at the resulting collection of web page sketches and determine what common content needs to be on every page that could be included in the template h4. Task 3: Implement views using JSP, JSTL, and Custom Tag Libraries # From resulting sketches, implement a page template using HTML/XHTML and JSP/JSTL # Identify, describe, or write the JSP code for the following elements: ## template text ## scripting elements (comments, directives, declarations, scriptlets, and expressions) ## standard and custom actions ## expression language elements. ## {color:green}(Note: Scriptlets are not recommended.){color} # Write JSP code that uses the directives: ## 'page' (with attributes 'import', 'session', 'contentType', and 'isELIgnored') ## 'include' ## 'taglib'. # Write a JSP Document (XML-based document) that uses the correct syntax. # Given a design goal, write JSP code using the appropriate implicit objects: ## request, response, and out ## page, session, and application ## config and pageContext ## exception # Given a specific design goal for including a JSP segment in another page, identify and write the JSP code using the most appropriate inclusion mechanism ## the include directive or ## the jsp:include standard action # Given a scenario, write Unified Expression Language (EL) code that accesses the following implicit variables including: ## pageScope, requestScope, sessionScope, and applicationScope ## initParam, param and paramValues ## header, headerValues, cookie, ## pageContext h4. Task 4: Design and develop the model using JavaBeans or Pojos # Identify possible candidates for a model ## Referring to user interface sketches and templates identify and develop JavaBeans ## Referring to underlying database schema, identify and develop JPA entities ## Determine if user interface models directly map to JPA entities ### Decide is the solution will use JPA entities as the user interface model ### Or create a JavaBeans to JPA entity model translator # Compile and package JavaBeans or JPA entities with web application h4. Task 5: Integrate external resources such as JPA within Web Application # Access application data using JPA. {color:red}Overlap with JPA{color} ## Create basic JPA Entity classes ## Utilize Entity classes by creating code that uses the EntityManager API by injecting it into the Servlet ## Use JPA relationships to model relational table joins ## Ensure data integrity by using Transaction and Locking ## Apply Entity Listeners and Callback Methods ## Create error handling code ## Optimize database access ## Configure and package JPA Entity classes in enterprise modules h4. Task 6: Perform request and response processing # Identify which HttpServlet method corresponds to the HTTP Method of an HTTP request # Using the HttpServletRequest interface, write code to parse an HTTP request, including retrieving an HTTP request header such as User-Agent # Using the HttpServletResponse interface, write code to set an HTTP response header, set the content type of the response, acquire a stream for the response, and generate a valid response based on content-type # Using the HttpServletRequest interface, write code to retrieve HTML form parameters from the request, retrieve HTTP request header information, or retrieve cookies from the request. # Describe the purpose and event sequence of the servlet life cycle: ## servlet class loading, ## servlet instantiation, ## call the init method, ## call the service method, and ## call destroy method. h4. Task 7: Develop controller to manage navigation # Identify navigation paths and dependencies between view and model # Develop a controller using an HttpServlet # Apply request and response filtering through the use of a FilterChain and a Filter # Describe the RequestDispatcher mechanism; write servlet code to create a request dispatcher; write servlet code to forward or include the target resource; and identify and describe the additional request-scoped attributes provided by the container to the target resource. # Dispatch request to the appropriate handler in the navigation path. # Develop a Servlet that invokes a remote web service asynchronously. ## Create an {{AsyncContext}} from the {{ServletRequest}} ## Invoke the web service using JAX-WS / JAX-RS technology {color:red}Overlap with Web services (JAX-WS / JAX-RS){color} ## Collate the response from the web service ## Do an async dispatch to the servlet with the response from the web service call to render response to the client using a JSP. # Create a wrapper for request and response that logs request processing activity. h4. Task 8: Integrate Model-view-controller # Map the request parameter data, to the appropriate JavaBean or JPA entity properties # Use the JavaBean / JPA entity to access data in the database # Pass the model to the view technologies such as JSP using attributes such as request and session # Given a design goal, create a code snippet using the following standard actions: jsp:useBean (with attributes: 'id', 'scope', 'type', and 'class'), jsp:getProperty, jsp:setProperty (with all attribute combinations), and jsp:attribute. # Given a scenario, write Unified Expression Language (EL) code that accesses JavaBean model data and its correlating properties # Given a scenario, write EL code that uses the following operators: property access (the . operator), collection access (the \[\] operator). # Given a design goal, create a code snippet using the following standard actions: jsp:include, jsp:forward, and jsp:param. h4. Task 9: Manage user and application state data throughout the interaction lifecycle # Write servlet code to store objects into a session object and retrieve objects from a session object. # Given a scenario describe the APIs used to access the session object, explain when the session object was created, and describe the mechanisms used to destroy the session object, and when it was destroyed. # Using session listeners, write code to respond to an event when an object is added to a session, and write code to respond to an event when a session object migrates from one VM to another. # Given a scenario, describe which session management mechanism the Web container could employ, how cookies might be used to manage sessions, how URL rewriting might be used to manage sessions, and write servlet code to perform URL rewriting. # Configure Session tracking cookie configuration via API and descriptors # Configure a cookie to be a HttpOnly cookie. {color:green}Note Should be covered in course material: Implications of using sessions. Impact on scalability, requirements for clustering and session-affinity infrastructure.{color} {color:green}Note Should be covered in course material: Relation to Authentication state. Decrease emphasis on URL-rewriting based on security implications.{color} h4. Task 10: Validate application data # Identify and define which elements require validation # Determine which validation model to utilize: client-side validation, server-side validation, or both # Identify validation constraints for each entity and its related properties # Implement validation constraints in entities as business business logic # Implement validation constraints using an external validation framework # Define error notification mechanism on validation failure # Generate error and notify validation failed # Stop request processing h4. Task 11: Identify, Capture, and Resolve Errors # Define the presentation level error handling strategy for JSPs ## Implement error pages using isErrorPage attribute ## Integrate error redirection using errorPage attribute ## Define exception-level error redirection in web.xml # Define the model level error handing strategy for POJOs ## Implement custom Exception classes ## Implement try / catch / finally blocks to detect and recover from errors # Define error logging strategy ## Configure logging java.util.logging properties ## Retrieve Logger from logging system ## Log error with Logger # Define HTTP-level / navigation-level error handling strategy ## Design HTML or JSP error page ## Register HTML or JSP with HTTP specific error in web.xml h4. Task 12: Identify and implement a security model Note: Web security model does not creep into application design; probably should happen early on; security model is intrinsic to application # Identify appropriate security model ## Decide wether authentication is required ## Decide which HTTP methods are allowed/disallowed ## Decide which HTTP style is used HTTP v. HTTPS ## Decide if role-based access is required # Change allow everything to a constrained model # Identify appropriate security model ## Decide wether authentication is required ## Decide which HTTP methods are allowed/disallowed ## Decide which HTTP style is used HTTP v. HTTPS ## Decide if role-based access is required # Change allow everything to a constrained model # Determine what security is available / not available in servlets # Plug in JSR 196 # Define a constraint that implements XYZ security policy # Use security APIs in Servlet API # Demonstrate how to use FORM-based login # Write an application manage authentication {color:green}refinement of above list (intended to replace it){color} # define (caller) access control model of application ## Identify resources (by url-pattern) and HTTP method to which access is to be restricted ### map restricted resources to one or more permitted roles ### identify requests that must only be sent over a confidential transport (because they contain sensitive data) ### identify resources (and or http methods) for which access is to be precluded under all circumstances # define security constraints and or annotations (or embedded isUserInRole checks) to realize the application access control model # establish authentication mechanism to be used by application ## protect seesion cookies via SSL, http-only, and against CSRF ## if application is to control authentication, define application components with embedded authenticate and login calls, and structure app to route users through these components ## if mechanism is password based, protect passwords on the wire (via user-data-constraint) on login pages # define mapping of authentication identities to roles # process/escape input from users to eliminate XSS vulnerabilities, resulting from reflection in responses, including after storage h4. Task 13: Test, package and deploy applications # Construct the file and directory structure of a Web Application that may contain ## static content, ## JSP pages, ## servlet classes, ## the deployment descriptor, ## tag libraries, ## JAR files, and ## Java class files; and describe how to protect resource files from HTTP access. # Describe the purpose and semantics of the deployment descriptor. # Construct the correct structure of the deployment descriptor. # Configure the deployment descriptor to declare one or more tag libraries, deactivate the evaluation language, and deactivate the scripting language. # Explain the purpose of a WAR file and describe the contents of a WAR file, how one may be constructed. # Define URL mappings to support designed navigation flow |