(tng)因ؓ(f)目中大多jsp都包含了(jin)一个jsp_head.jspQ所以考虑在jsp_head.jsp中做手脚Q这样可以省d多工作量?br /> (tng)1?在jsp_head.jsp中定义一个divQ主要显C数据加载的动态效果,比如囄Q,讄style="display:none"Q?br /> (tng)2?利用jQuery为所有的button和submit按钮dclick事gQ用来显CdivQ?
(tng) (tng) (tng) (tng)当然q里事g定义的范围可能比较广Q如果不需要的话可以由选择性的定义事gQ比如ؓ(f)按钮定义指定样式或IDQ以便jQuery能够选择到它?/p>
jsp_head.jsp中代码如下:(x)
(tng) (tng)<div id="dataLoad" style="display:none"><!--面载入昄-->
(tng) (tng) (tng)<table width=100% height=100% border=0 align=center valign=middle>
(tng) (tng) (tng) (tng)<tr height=50%><td align=center> </td></tr>
(tng) (tng) (tng) (tng)<tr><td align=center><img src="<%=request.getContextPath()%>/XXXXX/loading-gif.gif"/></td></tr>
(tng) (tng) (tng) (tng)<tr><td align=center>数据载入中,L(fng)?.....</td></tr>
(tng) (tng) (tng) (tng)<tr height=50%><td align=center> </td></tr>
(tng) (tng) (tng)</table>
(tng) (tng)</div>
(tng) (tng)<script type="text/javascript">
(tng) (tng) (tng)$(document).ready(function() {
(tng) (tng) (tng) (tng)$("#dataLoad").hide(); (tng)//面加蝲完毕后即DIV隐藏
(tng) (tng) (tng) (tng)$("#showLoadingDiv").click(function(){$("#dataLoad").show();}); //为指定按钮添加数据加载动态显C:(x)卛_DIV昄出来
(tng) (tng) (tng)});
(tng) (tng)</script>
(tng) (tng)
其他jsp中的代码大致如下Q?/p>
......
<%@ include file="/jsp/jsp_head.jsp"%>
......
<input type="button" onClick="query();" id="showLoadingDiv" value="查询"> (tng)
......
q种实现对用h说是非常真实的,没有高的技术要求,希望q种思\对你的项目有所帮助?/p>
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.util.Properties;
import javax.activation.DataHandler;
import javax.activation.DataSource;
import javax.activation.FileDataSource;
import javax.mail.Address;
import javax.mail.BodyPart;
import javax.mail.Folder;
import javax.mail.Message;
import javax.mail.Multipart;
import javax.mail.Session;
import javax.mail.Store;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
public class testSendMail {
(tng)public static void main(String[] arg) throws Exception{
(tng) (tng)sendMailWithAttachement();
// (tng) (tng)recpMail();
(tng)}
(tng)
(tng)
(tng)
(tng)/**
(tng) * 不需要验证的邮g发?br /> (tng) * @throws Exception
(tng) */
(tng)private static void setMessage() throws Exception {
(tng) (tng)Properties props = System.getProperties();
(tng) (tng)props.put("mail.smtp.host","mail.infoservice.com.cn"); (tng) //讄smtp的服务器地址Q该邮g服务器不需要n份验?br /> (tng) (tng)props.put("mail.smtp.auth","false"); (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)//讄smtp服务器要?li)w䆾验证:~省讄为false
(tng) (tng)
(tng) (tng)Address from = new InternetAddress("chencheng@infoservice.com.cn");
(tng) (tng)Address to = new InternetAddress("zouqingbing@infoservice.com.cn");
(tng) (tng)
(tng) (tng)
(tng) (tng)Session session = Session.getDefaultInstance(props,null);
(tng) (tng)Message message = new MimeMessage(session);
(tng) (tng)message.setFrom(from);
(tng) (tng)message.addRecipient(Message.RecipientType.TO, to);
(tng) (tng)message.setText("I love U!!!");
(tng) (tng)message.setSubject("Test");
(tng) (tng)
(tng) (tng)Transport.send(message);
(tng) (tng)System.out.println("邮g发送完?");
(tng)}
(tng)
(tng)/**
(tng) * 带授权的发送邮?br /> (tng) * @throws Exception
(tng) */
(tng)private static void setMessageWithAuthentica() throws Exception{
(tng) (tng)Properties props = new Properties();
(tng) (tng)props.put("mail.smtp.host","smtp.126.com"); (tng) //讄smtp的服务器地址是smtp.126.com
(tng) (tng)props.put("mail.smtp.auth","true"); (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) //讄smtp服务器要?li)w䆾验证?br /> (tng) (tng)PopupAuthenticator auth = new PopupAuthenticator();
(tng) (tng)Session session = Session.getInstance(props, auth);
(tng) (tng)// 发送h地址
(tng) (tng)Address addressFrom = new InternetAddress("zqbchina@126.com", "zqbchina");
(tng) (tng)// 收g人地址
(tng) (tng)Address addressTo = new InternetAddress("zqbchina@sina.com", "zqbchina");
(tng) (tng)
(tng) (tng)// 抄送地址
(tng) (tng)// Address addressCopy = new InternetAddress("haocongping@gmail.com", "George Bush");
(tng) (tng)Message message = new MimeMessage(session);
(tng) (tng)message.setContent("This is mail content!", "text/plain");//或者用message.setText("Hello");更详l的信息请参看后l文?
(tng) (tng)message.setSubject("试邮g标题");
(tng) (tng)message.setFrom(addressFrom);
(tng) (tng)message.addRecipient(Message.RecipientType.TO,addressTo);
(tng) (tng)// message.addRecipient(Message.RecipientType.CC,addressCopy);
(tng) (tng)message.saveChanges();
(tng) (tng)// session.setDebug(true);
(tng) (tng)Transport transport = session.getTransport("smtp"); (tng) (tng)//创徏q接
(tng) (tng)transport.connect("smtp.126.com", "zqbchina", "你的密码");//q接服务?br /> (tng) (tng)transport.send(message); (tng)//发送信?br /> (tng) (tng)transport.close(); (tng) (tng) (tng)//关闭q接
(tng) (tng)System.out.println("邮g发送完?");
(tng)}
(tng)
(tng)/**
(tng) * 带附件的邮g发?br /> (tng) * @throws Exception
(tng) */
(tng)private static void sendMailWithAttachement() throws Exception{
(tng) (tng)Properties props = new Properties();
(tng) (tng)props.put("mail.smtp.host","smtp.126.com"); (tng) //讄smtp的服务器地址是smtp.126.com
(tng) (tng)props.put("mail.smtp.auth","true"); (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) //讄smtp服务器要?li)w䆾验证?br /> (tng) (tng)PopupAuthenticator auth = new PopupAuthenticator();
(tng) (tng)Session session = Session.getInstance(props, auth);
(tng) (tng)File filename = new File("c:\\cmd.txt");
(tng) (tng)
(tng) (tng)// 发送h地址
(tng) (tng)Address from = new InternetAddress("zqbchina@126.com", "zqbchina");
(tng) (tng)Address to = new InternetAddress("zqbchina@sina.com", "zqbchina");
(tng) (tng)
(tng) (tng)//Define message
(tng) (tng)Message message = new MimeMessage(session);
(tng) (tng)message.setFrom(from);
(tng) (tng)message.addRecipient(Message.RecipientType.TO,to);
(tng) (tng)message.setSubject("Hello JavaMail Attachment");
(tng) (tng)// Create the message part
(tng) (tng)BodyPart messageBodyPart = new MimeBodyPart();
(tng) (tng)// Fill the message
(tng) (tng)messageBodyPart.setText("Pardon Ideas");
(tng) (tng)Multipart multipart = new MimeMultipart();
(tng) (tng)multipart.addBodyPart(messageBodyPart);
(tng) (tng)// Part two is attachment
(tng) (tng)messageBodyPart = new MimeBodyPart();
(tng) (tng)DataSource source = new FileDataSource(filename);
(tng) (tng)messageBodyPart.setDataHandler(new DataHandler(source));
(tng) (tng)messageBodyPart.setFileName("cmd.txt");
(tng) (tng)multipart.addBodyPart(messageBodyPart);
(tng) (tng)// Put parts in message
(tng) (tng)message.setContent(multipart);
(tng) (tng)// Send the message
(tng) (tng)Transport.send(message);
(tng) (tng)
(tng) (tng)
(tng)}
(tng)
(tng)private static void recpMail() throws Exception{
(tng) (tng)BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
(tng) (tng)
(tng) (tng)/*Properties props = new Properties();
(tng) (tng)props.put("mail.smtp.host","smtp.sina.com");
(tng) (tng)props.put("mail.smtp.auth","true");
// (tng) (tng)props.put("mail.pop3.socketFactory.fallback", "false");
(tng) (tng)Session session = Session.getInstance(props, new PopupAuthenticator());
(tng) (tng)
(tng) (tng)Store store = session.getStore("pop3");
(tng) (tng)store.connect();
(tng) (tng)Folder folder = store.getFolder("INBOX");
(tng) (tng)folder.open(Folder.READ_ONLY);
// (tng) (tng)Message[] messages = folder.getMessages();
(tng) (tng)System.out.println(folder.getMessageCount());
// (tng) (tng)for (int i=0;i<messages.length;i++)
(tng) (tng)folder.close(true);
(tng) (tng)store.close();*/
(tng) (tng)
(tng) (tng)
(tng) (tng)Properties props = new Properties();
(tng) (tng)props.put("mail.smtp.host","mail.infoservice.com.cn");
(tng) (tng)props.put("mail.smtp.auth","false");
(tng) (tng)Session session = Session.getInstance(props, new PopupAuthenticator());
(tng) (tng)
(tng) (tng)Store store = session.getStore("pop3");
(tng) (tng)store.connect("mail.infoservice.com.cn","zouqingbing","你的密码");
(tng) (tng)Folder folder = store.getFolder("INBOX");
(tng) (tng)folder.open(Folder.READ_WRITE);
(tng) (tng)System.out.println(folder.getPermanentFlags().getSystemFlags().length);
(tng) (tng)Message[] messages = folder.getMessages();
(tng) (tng)for (int i=0;i<messages.length;i++){
(tng) (tng) (tng)if (i==19) messages[i].reply(true);
(tng) (tng) (tng)
(tng) (tng) (tng)System.out.println(i+": 发g?["+messages[i].getFrom()[0]+"],标题Q["+messages[i].getSubject()+"]");
// (tng) (tng) (tng)System.out.println("需要查看邮件内容吗Q[Y]---查看Q[N]---暂时不看?);
// (tng) (tng) (tng)String line = reader.readLine();
// (tng) (tng) (tng)if ("Y".equals(line))
// (tng) (tng) (tng) (tng)System.out.println(messages[i].getContent().toString().getBytes("GB2312"));
(tng) (tng)}
(tng) (tng)folder.close(true);
(tng) (tng)store.close();
(tng)}
(tng)
}
其中Qn份验证类Q?br />import javax.mail.Authenticator;
import javax.mail.PasswordAuthentication;
public class PopupAuthenticator extends Authenticator {
(tng) (tng) (tng) public PasswordAuthentication getPasswordAuthentication() {
(tng) (tng) (tng) (tng) (tng) (tng) (tng) String username = "zqbchina"; //邮箱d帐号
(tng) (tng) (tng) (tng) (tng) (tng) (tng) String pwd = "密码"; (tng) (tng) (tng) //d密码
(tng) (tng) (tng) (tng) (tng) (tng) (tng) return new PasswordAuthentication(username, pwd);
(tng) (tng) (tng) }
}
]]>
而引入其他的servlet(比如,如果webApplication需要用struts MVC,需要引入struts的servlet,如ActionServlet).
2, Spring与Struts的结?
(tng) (tng)Ҏ(gu)一:
(tng) (tng) (tng) (tng)a. 利用Spring的ContextLoaderServlet或ContextLoaderListener加蝲Spring所需要的Bean定义?qing)ApplicationContext的徏立等;
(tng) (tng) (tng) (tng)b. 定义Struts所需要的DispatchercActionServlet,其中a,b两步是独立的;
(tng) (tng) (tng) (tng)c. 在Struts的action中引用Spring中的bean定义?可以直接使用WebApplicationContextUtil
(tng) (tng) (tng) (tng)
(tng) (tng) (tng) (tng)? a. web.xml的配|?
(tng) (tng) (tng) (tng) (tng) (tng)<context-param>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<param-name>contextConfigLocation</param-name>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<param-value>/WEB-INF/beanDefineA.xml</param-value>
(tng) (tng) (tng) (tng) (tng) (tng)</context-param>
(tng) (tng) (tng) (tng) (tng) (tng)
(tng) (tng) (tng) (tng) (tng) (tng)<servlet>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<servlet-name>ContextLoader</servlet-name>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<servlet-class>org.springframework.web.context.ContextLoaderServlet</servlet-class>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<load-on-startup>1</load-on-startup>
(tng) (tng) (tng) (tng) (tng) (tng)</servlet>
(tng) (tng) (tng) (tng) (tng) (tng)<servlet>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) <servlet-name>action</servlet-name>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) <init-param>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) <param-name>config</param-name>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) <param-value>/WEB-INF/struts-config.xml</param-value>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) </init-param>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) <load-on-startup>2</load-on-startup>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) </servlet>
(tng) (tng) (tng) (tng) (tng) (tng)
(tng) (tng) (tng) (tng) (tng) (tng)<servlet-mapping>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<servlet-name>ContextLoader</servlet-name>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<url-pattern>/</url-pattern>
(tng) (tng) (tng) (tng) (tng) (tng)</servlet-mapping>
(tng) (tng) (tng) (tng) (tng) (tng)<servlet-mapping>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<servlet-name>action</servlet-name>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<url-pattern>*.do</url-pattern>
(tng) (tng) (tng) (tng) (tng) (tng)</servlet-mapping>
(tng) (tng) (tng) (tng) (tng) (tng)
(tng) (tng) (tng) (tng) (tng) (tng)b. bean定义文g内容如下:
(tng) (tng) (tng) (tng) (tng) (tng) (tng)<bean id="test" class="com.info.test">
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)<property name="id">
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)<value>1</value>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)</property>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)<property name="name">
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)<value>zqbchina</value>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)</property>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)<property name="age">
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)<value>12</value>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)</property>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)</bean>
(tng) (tng) (tng) (tng) (tng) (tng) (tng)
(tng) (tng) (tng) (tng) (tng) (tng) c. action中的引用:
(tng) (tng) (tng) (tng) (tng) (tng) ...
(tng) (tng) (tng) (tng) (tng) (tng) ServletContext sc = request.getSession().getServletContext();
(tng) (tng) (tng) (tng) (tng) (tng)WebApplicationContext wac = WebApplicationContextUtils.getWebApplicationContext(sc);
(tng) (tng) (tng) (tng) (tng) (tng)test t = (test)wac.getBean("test");
(tng) (tng) (tng) (tng) (tng) (tng)...
]]>
本来惌己写一个日志的Q发现有位老兄写的很好Q我׃用费事,直接贴过来做W记好了(jin)
?br />==========================================================
[转自Q?/font> http://publishblog.blogdriver.com/blog/tb.b?diaryID=842351 ]
[Java]使用Proxy和InvocationHandler实现代理器模?/font>
- 元对?被代理对?:
package com.zj.gof.proxy;
public interface StudentInfoService {
(tng)void findInfo(String studentName);
}
package com.zj.gof.proxy;
public class StudentInfoServiceImpl implements StudentInfoService {
(tng)public void findInfo(String name) {
(tng) (tng)System.out.println("你目前输入的名字?" + name);
(tng)}
}
- 代理对象:
package com.zj.gof.proxy;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import org.apache.log4j.Logger;
public class LogHandler implements InvocationHandler {
(tng) private Object proxyObj;
(tng) private static Logger log=Logger.getLogger(LogHandler.class);
(tng)
(tng) public Object bind(Object obj){
(tng) (tng) this.proxyObj=obj;
(tng) (tng) return Proxy.newProxyInstance(obj.getClass().getClassLoader(),obj.getClass().getInterfaces(),this);
(tng) }
(tng)
(tng) public Object invoke(Object proxy,Method method,Object[] args) throws Throwable{
(tng) (tng) Object result=null;
(tng) (tng) try{
(tng) (tng) (tng) //请在q里插入代码Q在Ҏ(gu)前调?br /> (tng) (tng) (tng) log.info("调用log日志Ҏ(gu)"+method.getName());
(tng) (tng) (tng) result=method.invoke(proxyObj,args); //原方?br /> (tng) (tng) (tng) //请在q里插入代码Q方法后调用
(tng) (tng) }catch(Exception e){
(tng) (tng) (tng) e.printStackTrace();
(tng) (tng) }
(tng) (tng) return result;
(tng) }
}
注意:通过InvocationHandler接口实现的代理器只能代理接口Ҏ(gu). (q点在InvocationHandler的注解中有说?
- 代理工厂:
package com.zj.gof.proxy;
public class LogFactory {
(tng)private static Object getClassInstance(String clzName) {
(tng) (tng)Object obj = null;
(tng) (tng)try {
(tng) (tng) (tng)Class cls = Class.forName(clzName);
(tng) (tng) (tng)obj = (Object) cls.newInstance();
(tng) (tng)} catch (ClassNotFoundException cnfe) {
(tng) (tng) (tng)System.out.println("ClassNotFoundException:" + cnfe.getMessage());
(tng) (tng)} catch (Exception e) {
(tng) (tng) (tng)e.printStackTrace();
(tng) (tng)}
(tng) (tng)return obj;
(tng)}
(tng)public static Object getAOPProxyedObject(String clzName) {
(tng) (tng)Object proxy = null;
(tng) (tng)LogHandler handler = new LogHandler();
(tng) (tng)Object obj = getClassInstance(clzName);
(tng) (tng)if (obj != null) {
(tng) (tng) (tng)proxy = handler.bind(obj);
(tng) (tng)} else {
(tng) (tng) (tng)System.out.println("Can't get the proxyobj");
(tng) (tng) (tng)//throw
(tng) (tng)}
(tng) (tng)return proxy;
(tng)}
}
- 客户端调?
package com.zj.gof.proxy;
public class MainTest {
(tng)public static void main(String[] args) {
(tng) (tng)// (tng) (tng)PropertyConfigurator.configure("d:/log4j.properties");
(tng) (tng)BasicConfigurator.configure();
(tng) (tng)StudentInfoService studentInfo = (StudentInfoService) LogFactory
(tng) (tng) (tng) (tng).getAOPProxyedObject("com.zj.gof.proxy.StudentInfoServiceImpl");
(tng) (tng)studentInfo.findInfo("阉K");
(tng)}
}
- q行l果:
0 [main] INFO root (tng) - 调用log日志Ҏ(gu)findInfo
你目前输入的名字?阉K
]]>
一位仁兄的解释q是非常_的,举例如下Q?br />【环境?br />webapps->app1
webspps->app2->jsp->app2jsp.jsp
?strong>getContext() method?/strong>应用?br />getServletContext().getContext("/app2").getRequestDispatcher("/jsp/app2jsp.jsp").forward(request,response)
在我自己试?jin)以后,做?jin)一Ҏ(gu)ȝQ?br />当一个容器中有多个应用时Q在其中一个应用中调用Q或叫引用)(j)另一个应用中的变量或资源时可以用上这个方法,具体的实Cؓ(f)调用getContext("/app2")Q其?/app2"为应用的url名?img src ="http://www.tkk7.com/zqbchina/aggbug/143160.html" width = "1" height = "1" />
]]>
问题Q今天重装了(jin)pȝQ在安装oracle9.0.0.1Ӟ点击setup.exe后出现oracle囄没有反应了(jin)Q再ơ点击setup.exe提示OraInstall文g夹不能写?/font>
诊断Q怀疑时安装时的中文问题Q因为我的机器名是中文名Q所以OraInstall所在\径是C:\Documents and Settings\Ҏ(gu)兵\Local Settings\Temp\OraInstallQ它是根据环境变量中的Temp的?USERPROFILE%\Local Settings\Temp得来??/font>
解决Q将Temp的值改成C:\Documents and Settings\Default User\tempQ点击setup.exel于可以q行oracle的安装了(jin)。安装完毕后再将Temp的值换回原来的%USERPROFILE%\Local Settings\TempO(jin)K?jin)?/font>
zqbchina 发表? 2005-12-07 11:49:28Java: displaytag+struts的一个问?br />
解决的是一个在request范围内蟩转的问题QA.do--->A.jspQ在A.jsp中排序时request中的变量取不到?jin)(session中可以)(j)。解x(chng)法是讑֮一下requestURI的值就O(jin)K?jin)。如Q?/font>
(tng) <display:column property="personId" title="w䆾证号" sortable="true" headerClass="sortable" />
(tng) <display:column property="corporateName" title="法h姓名" sortable="true" headerClass="sortable"/>
</display:table>
Java: displaytag的中文问?br />
在JbossQstrutsQdisplaytag中将TableProperties.properties中的分页{显CZ息修Ҏ(gu)中文Q在Web中昄Zؕ码(q个问题在TomcatQdisplaytag中没有出玎ͼ(j)。参照网上的大多解决Ҏ(gu)Q修改TableProperties.java中的Ҏ(gu)getPropertiesQStringQ:(x)
(tng) (tng) (tng) private String getProperty(String key)
(tng) (tng) (tng) {
(tng) (tng) (tng) (tng) (tng) (tng) (tng) return properties.getProperty(key);
(tng) (tng) (tng) }
为:(x)
(tng) (tng) (tng) (tng)private String getProperty(String key) {
(tng) (tng) (tng) (tng) (tng) (tng) (tng) String s = null;
(tng) (tng) (tng) (tng) (tng) (tng) (tng) try {
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) s = new String(this.properties.getProperty(key).getBytes("8859_1"), "GBK");
(tng) (tng) (tng) (tng) (tng) (tng) (tng) } catch (UnsupportedEncodingException e) {
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) e.printStackTrace();
(tng) (tng) (tng) (tng) (tng) (tng) (tng) }
(tng) (tng) (tng) (tng) (tng) (tng) (tng) return s;
(tng) (tng) (tng) }
问题到是解决?jin),唉……………?/font>
zqbchina 发表? 2005-12-14 15:48:40]]>
问题表现:
(tng) (tng) (tng) (tng) 下蝲的Liferay在Eclipse中进行build?首先?x)有Jikes~译器的错误提示(当然我以前用的是javac),编译器Ҏ(gu)"modern"?又提C内存方面的错误,不能怎么攚w|文仉没用.
解决Ҏ(gu):
(tng) (tng) (tng) (tng) (tng)下蝲Jikes~译?d路径到path中后(保Liferay工程中的build.properties文g中的javac.compiler=jikes),再次~译׃么问题都没有?)
]]>
[错误症状]--在Eclipse中用Ant执行build.xml文g?出现?Error running jikes compiler"的错?
<javac
(tng) (tng) (tng)classpathref="project.classpath"
(tng) (tng) (tng)compiler="${javac.compiler}"
(tng) (tng) (tng)debug="${javac.debug}"
/>
[解决Ҏ(gu)]--在build.xml中的javac部分,指定其属性compiler的gؓ(f)modern.
<javac
(tng) (tng) (tng)classpathref="project.classpath"
(tng) (tng) (tng)compiler="{modern}"
(tng) (tng) (tng)debug="${javac.debug}"
/>
]]>
1 定义头和根元?/p>
部v描述W文件就像所有XML文g一P必须以一个XML头开始。这个头声明可以使用的XML版本q给出文件的字符~码?br />DOCYTPE声明必须立即出现在此头之后。这个声明告诉服务器适用的servlet规范的版本(?.2?.3Qƈ指定理此文件其余部分内容的语法的DTD(Document Type DefinitionQ文档类型定??br />所有部|描q符文g的顶层(根)(j)元素为web-app。请注意QXML元素不像HTMLQ他们是大小写敏感的。因此,web-App和W(xu)EB-APP都是不合法的Qweb-app必须用小写?/p>
2 部v描述W文件内的元素次?/p>
XML元素不仅是大写敏感的,而且它们q对出现在其他元素中的次序敏感。例如,XML头必L文g中的W一,DOCTYPE声明必须是第二项Q而web-app元素必须是第三项。在web-app元素内,元素的次序也很重要。服务器不一定强制要求这U次序,但它们允许(实际上有些服务器是q样做的Q完全拒l执行含有次序不正确的元素的Web应用。这表示使用非标准元素次序的web.xml文g是不可移植的?br />下面的列表给Z(jin)所有可直接出现在web-app元素内的合法元素所必需的次序。例如,此列表说明servlet元素必须出现在所有servlet-mapping元素之前。请注意Q所有这些元素都是可选的。因此,可以省略掉某一元素Q但不能把它放于不正的位置?br /> (tng)icon icon元素指出IDE和GUI工具用来表示Web应用的一个和两个囑փ文g的位|?br /> (tng)display-name display-name元素提供GUI工具可能?x)用来标记这个特定的Web应用的一个名U?br /> (tng)description description元素l出与此有关的说明性文本?br /> (tng)context-param context-param元素声明应用范围内的初始化参数?br /> (tng)filter qo(h)器元素将一个名字与一个实现javax.servlet.Filter接口的类相关联?br /> (tng)filter-mapping 一旦命名了(jin)一个过滤器Q就要利用filter-mapping元素把它与一个或多个servlet或JSP面相关联?br /> (tng)listener servlet API的版?.3增加?jin)对事g监听E序的支持,事g监听E序在徏立、修改和删除?x)话或servlet环境时得到通知。Listener元素指出事g监听E序cR?br /> (tng)servlet 在向servlet或JSP面制定初始化参数或定制URLӞ必须首先命名servlet或JSP面。Servlet元素是用来完成此项d的?br /> (tng)servlet-mapping 服务器一般ؓ(f)servlet提供一个缺省的URLQ?a href="http://host/webAppPrefix/servlet/ServletName">http://host/webAppPrefix/servlet/ServletName。但是,常常?x)更改这个URLQ以便servlet可以讉K初始化参数或更容易地处理相对URL。在更改~省URLӞ使用servlet-mapping元素?br /> (tng)session-config 如果某个?x)话在一定时间内未被讉KQ服务器可以抛弃它以节省内存。可通过使用HttpSession的setMaxInactiveIntervalҎ(gu)明确讄单个?x)话对象的超时|或者可利用session-config元素制定~省时倹{?br /> (tng)mime-mapping 如果Web应用h惛_Ҏ(gu)的文Ӟ希望能保证给他们分配特定的MIMEcdQ则mime-mapping元素提供q种保证?br /> (tng)welcom-file-list welcome-file-list元素指示服务器在收到引用一个目录名而不是文件名的URLӞ使用哪个文g?br /> (tng)error-page error-page元素使得在返回特定HTTP状态代码时Q或者特定类型的异常被抛出时Q能够制定将要显C的面?br /> (tng)taglib taglib元素Ҏ(gu)记库描述W文ӞTag Libraryu Descriptor fileQ指定别名。此功能使你能够更改TLD文g的位|,而不用编辑用这些文件的JSP面?br /> (tng)resource-env-ref resource-env-ref元素声明与资源相关的一个管理对象?br /> (tng)resource-ref resource-ref元素声明一个资源工厂用的外部资源?br /> (tng)security-constraint security-constraint元素制定应该保护的URL。它与login-config元素联合使用
(tng)login-config 用login-config元素来指定服务器应该怎样l试图访问受保护面的用h权。它与sercurity-constraint元素联合使用?br /> (tng)security-role security-role元素l出安全角色的一个列表,q些角色出现在servlet元素内的security-role-ref元素的role-name子元素中。分别地声明角色可高IDE处理安全信息更ؓ(f)Ҏ(gu)?br /> (tng)env-entry env-entry元素声明Web应用的环境项?br /> (tng)ejb-ref ejb-ref元素声明一个EJB的主目录的引用?br /> (tng)ejb-local-ref ejb-local-ref元素声明一个EJB的本C目录的应用?/p>
3 分配名称和定制的UL
在web.xml中完成的一个最常见的Q务是对servlet或JSP面l出名称和定制的URL。用servlet元素分配名称Q用servlet-mapping元素定制的URL与刚分配的名U相兌?br />3.1 分配名称
Z(jin)提供初始化参敎ͼ对servlet或JSP面定义一个定制URL或分配一个安全角Ԍ必须首先lservlet或JSP面一个名U。可通过servlet元素分配一个名U。最常见的格式包括servlet-name和servlet-class子元素(在web-app元素内)(j)Q如下所C:(x)
<servlet>
(tng) (tng) (tng)<servlet-name>Test</servlet-name>
(tng) (tng) (tng)<servlet-class>moreservlets.TestServlet</servlet-class>
</servlet>
q表CZ于WEB-INF/classes/moreservlets/TestServlet的servlet已经得到?jin)注册名Test。给servlet一个名U具有两个主要的含义。首先,初始化参数、定制的URL模式以及(qing)其他定制通过此注册名而不是类名引用此servlet。其?可在URL而不是类名中使用此名U。因此,利用刚才l出的定义,URL http://host/webAppPrefix/servlet/Test 可用?http://host/webAppPrefix/servlet/moreservlets.TestServlet 的场所?br />误住:(x)XML元素不仅是大写敏感的,而且定义它们的次序也很重要。例如,web-app元素内所有servlet元素必须位于所有servlet-mapping元素Q下一节介绍Q之前,而且q要位于5.6节和5.11节讨论的与过滤器或文档相关的元素Q如果有的话Q之前。类似地Qservlet的servlet-name子元素也必须出现在servlet-class之前?.2?部v描述W文件内的元素次?详l介l这U必需的次序?br />例如Q程序清?-1l出?jin)一个名为TestServlet的简单servletQ它ȝ在moreservletsE序包中。因为此servlet是扎根在一个名为deployDemo的目录中的Web应用的组成部分,所以TestServlet.class攑֜deployDemo/WEB-INF/classes/moreservlets中。程序清?-2l出放|在deployDemo/WEB-INF/内的web.xml文g的一部分。此web.xml文g使用servlet-name和servlet-class元素名UTest与TestServlet.class相关联。图5-1和图5-2分别昄利用~省URL和注册名调用TestServlet时的l果?/p>
E序清单5-1 TestServlet.java
package moreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/** Simple servlet used to illustrate servlet naming
* and custom URLs.
* <P>
* Taken from More Servlets and JavaServer Pages
* from Prentice Hall and Sun Microsystems Press,
* http://www.moreservlets.com/.
* © 2002 Marty Hall; may be freely used or adapted.
*/
public class TestServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String uri = request.getRequestURI();
out.println(ServletUtilities.headWithTitle("Test Servlet") +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H2>URI: " + uri + "</H2>\n" +
"</BODY></HTML>");
}
}
E序清单5-2 web.xmlQ说明servlet名称的摘录)(j)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ?-->
<servlet>
<servlet-name>Test</servlet-name>
<servlet-class>moreservlets.TestServlet</servlet-class>
</servlet>
<!-- ?-->
</web-app>
3.2 定义定制的URL
大多数服务器h一个缺省的serlvet URLQ?br />http://host/webAppPrefix/servlet/packageName.ServletName。虽然在开发中使用q个URL很方便,但是我们常常?x)希望另一个URL用于部v。例如,可能?x)需要一个出现在Web应用层的URLQ如Q?a href="http://host/webAppPrefix/Anyname">http://host/webAppPrefix/AnynameQ,q且在此URL中没有servletV位于顶层的URL化了(jin)相对URL的用。此外,对许多开发h员来_(d)层URL看上L更长更麻?ch)的~省URL更简短?br />事实上,有时需要用定制的URL。比如,你可能想关闭~省URL映射Q以便更好地强制实施安全限制或防止用h外地讉K无初始化参数的servlet。如果你止?jin)缺省的URLQ那么你怎样讉Kservlet呢?q时只有使用定制的URL?jin)?br />Z(jin)分配一个定制的URLQ可使用servlet-mapping元素?qing)其servlet-name和url-pattern子元素。Servlet-name元素提供?jin)一个Q意名Uͼ可利用此名称引用相应的servletQurl-pattern描述?jin)相对于Web应用的根目录的URL。url-pattern元素的值必M斜杠Q?Qv始?br />下面l出一个简单的web.xml摘录Q它允许使用URL http://host/webAppPrefix/UrlTest而不?a href="http://host/webAppPrefix/servlet/Test">http://host/webAppPrefix/servlet/Test?br />http://host/webAppPrefix/servlet/moreservlets.TestServlet。请注意Q仍焉要XML头、DOCTYPE声明以及(qing)web-app闭元素。此外,可回忆一下,XML元素出现地次序不是随意的。特别是Q需要把所有servlet元素攑֜所有servlet-mapping元素之前?br /><servlet>
(tng) (tng) (tng)<servlet-name>Test</servlet-name>
(tng) (tng) (tng)<servlet-class>moreservlets.TestServlet</servlet-class>
</servlet>
<!-- ... -->
<servlet-mapping>
(tng) (tng) (tng)<servlet-name>Test</servlet-name>
(tng) (tng) (tng)<url-pattern>/UrlTest</url-pattern>
</servlet-mapping>
URL模式q可以包含通配W。例如,下面的小E序指示服务器发送所有以Web应用的URL前缀开始,?.aspl束的请求到名ؓ(f)BashMS的servlet?br /><servlet>
(tng) (tng) (tng)<servlet-name>BashMS</servlet-name>
(tng) (tng) (tng)<servlet-class>msUtils.ASPTranslator</servlet-class>
</servlet>
<!-- ... -->
<servlet-mapping>
(tng) (tng) (tng)<servlet-name>BashMS</servlet-name>
(tng) (tng) (tng)<url-pattern>/*.asp</url-pattern>
</servlet-mapping>
3.3 命名JSP面
因ؓ(f)JSP面要{换成sevletQ自然希望就像命名servlet一样命名JSP面。毕竟,JSP面可能?x)从初始化参数、安全设|或定制的URL中受益,正如普通的serlvet那样。虽然JSP面的后台实际上是servletq句话是正确的,但存在一个关键的猜疑Q即Q你不知道JSP面的实际类名(因ؓ(f)pȝ自己?xi)选这个名字)(j)。因此,Z(jin)命名JSP面Q可jsp-file元素替换为servlet-calss元素Q如下所C:(x)
<servlet>
(tng) (tng) (tng)<servlet-name>Test</servlet-name>
(tng) (tng) (tng)<jsp-file>/TestPage.jsp</jsp-file>
</servlet>
命名JSP面的原因与命名servlet的原因完全相同:(x)即ؓ(f)?jin)提供一个与定制讄Q如Q初始化参数和安全设|)(j)一起用的名称Qƈ且,以便能更Ҏ(gu)zJSP面的URLQ比方说Q以便多个URL通过相同面得以处理Q或者从URL中去?jsp扩展名)(j)。但是,在设|初始化参数Ӟ应该注意QJSP面是利用jspInitҎ(gu)Q而不是initҎ(gu)d初始化参数的?br />例如Q程序清?-3l出一个名为TestPage.jsp的简单JSP面Q它的工作只是打印出用来Ȁzd的URL的本地部分。TestPage.jsp攄在deployDemo应用的顶层。程序清?-4l出?jin)用来分配一个注册名PageNameQ然后将此注册名?a href="http://host/webAppPrefix/UrlTest2/anything">http://host/webAppPrefix/UrlTest2/anything 形式的URL相关联的web.xml文gQ即QdeployDemo/WEB-INF/web.xmlQ的一部分?/p>
E序清单5-3 TestPage.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>
JSP Test Page
</TITLE>
</HEAD>
<BODY BGCOLOR="#FDF5E6">
<H2>URI: <%= request.getRequestURI() %></H2>
</BODY>
</HTML>
E序清单5-4 web.xmlQ说明JSP命名的摘录Q?br /><?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ... -->
<servlet>
(tng) (tng) (tng)<servlet-name>PageName</servlet-name>
(tng) (tng) (tng)<jsp-file>/TestPage.jsp</jsp-file>
</servlet>
<!-- ... -->
<servlet-mapping>
(tng) (tng) (tng)<servlet-name> PageName </servlet-name>
(tng) (tng) (tng)<url-pattern>/UrlTest2/*</url-pattern>
</servlet-mapping>
<!-- ... -->
</web-app>
4 止Ȁzdservlet
对servlet或JSP面建立定制URL的一个原因是Q这样做可以注册从initQservletQ或jspInitQJSP面Q方法中d得初始化参数。但是,初始化参数只在是利用定制URL模式或注册名讉Kservlet或JSP面时可以用,用缺省URL http://host/webAppPrefix/servlet/ServletName 讉K时不能用。因此,你可能会(x)希望关闭~省URLQ这样就不会(x)有h意外地调用初始化servlet?jin)。这个过E有时称为禁止激zdservletQ因为多数服务器h一个用~省的servlet URL注册的标准servletQƈȀzȝ省的URL应用的实际servlet?br />有两U禁止此~省URL的主要方法:(x)
l 在每个Web应用中重新映?servlet/模式?br />l 全局关闭Ȁzdservlet?br />重要的是应该注意刎ͼ虽然重新映射每个Web应用中的/servlet/模式比彻底禁止激zservlet所做的工作更多Q但重新映射可以用一U完全可UL的方式来完成。相反,全局止Ȁzdservlet完全是针对具体机器的Q事实上有的服务器(如ServletExecQ没有这L(fng)选择。下面的讨论Ҏ(gu)个Web应用重新映射/servlet/ URL模式的策略。后面提供在Tomcat中全局止Ȁzdservlet的详l内宏V?br />4.1 重新映射/servlet/URL模式
在一个特定的Web应用中禁止以http://host/webAppPrefix/servlet/ 开始的URL的处理非常简单。所需做的事情是建立一个错误消息servletQƈ使用前一节讨论的url-pattern元素所有匹配请求{向该servlet。只要简单地使用Q?br /><url-pattern>/servlet/*</url-pattern>
作ؓ(f)servlet-mapping元素中的模式卛_?br />例如Q程序清?-5l出?jin)将SorryServlet servletQ程序清?-6Q与所有以http://host/webAppPrefix/servlet/ 开头的URL相关联的部v描述W文件的一部分?/p>
E序清单5-5 web.xmlQ说明JSP命名的摘录Q?br /><?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ... -->
<servlet>
(tng) (tng) (tng)<servlet-name>Sorry</servlet-name>
(tng) (tng) (tng)<servlet-class>moreservlets.SorryServlet</servlet-class>
</servlet>
<!-- ... -->
<servlet-mapping>
(tng) (tng) (tng)<servlet-name> Sorry </servlet-name>
(tng) (tng) (tng)<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
<!-- ... -->
</web-app>
E序清单5-6 SorryServlet.java
package moreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/** Simple servlet used to give error messages to
* users who try to access default servlet URLs
* (i.e., http://host/webAppPrefix/servlet/ServletName)
* in Web applications that have disabled this
* behavior.
* <P>
* Taken from More Servlets and JavaServer Pages
* from Prentice Hall and Sun Microsystems Press,
* http://www.moreservlets.com/.
* © 2002 Marty Hall; may be freely used or adapted.
*/
public class SorryServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String title = "Invoker Servlet Disabled.";
out.println(ServletUtilities.headWithTitle(title) +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H2>" + title + "</H2>\n" +
"Sorry, access to servlets by means of\n" +
"URLs that begin with\n" +
"http://host/webAppPrefix/servlet/\n" +
"has been disabled.\n" +
"</BODY></HTML>");
}
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
4.2 全局止ȀzdQTomcat
Tomcat 4中用来关闭缺省URL的方法与Tomcat 3中所用的很不相同。下面介l这两种Ҏ(gu)Q?br />1Q禁止激zdQ?Tomcat 4
Tomcat 4用与前面相同的方法关闭激zdservletQ即利用web.xml中的url-mapping元素q行关闭。不同之处在于Tomcat使用?jin)放在install_dir/conf中的一个服务器专用的全局web.xml文gQ而前面用的是存攑֜每个Web应用的WEB-INF目录中的标准web.xml文g?br />因此Qؓ(f)?jin)在Tomcat 4中关闭激zdservletQ只需在install_dir/conf/web.xml中简单地注释?servlet/* URL映射即可,如下所C:(x)
<!--
<servlet-mapping>
(tng) (tng) (tng)<servlet-name>invoker</servlet-name>
(tng) (tng) (tng)<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
-->
再次提醒Q应该注意这个项是位于存攑֜install_dir/conf的Tomcat专用的web.xml文g中的Q此文g不是存放在每个Web应用的WEB-INF目录中的标准web.xml?br />2Q禁止激zdQTomcat3
在Apache Tomcat的版?中,通过在install_dir/conf/server.xml中注释出InvokerInterceptor全局止~省servlet URL。例如,下面是禁止用缺省servlet URL的server.xml文g的一部分?br /><!--
<RequsetInterceptor
className="org.apache.tomcat.request.InvokerInterceptor"
debug="0" prefix="/servlet/" />
-->
5 初始化和预装载servlet与JSP面
q里讨论控制servlet和JSP面的启动行为的Ҏ(gu)。特别是Q说明了(jin)怎样分配初始化参C?qing)怎样更改服务器生存期中装载servlet和JSP面的时刅R?br />5.1 分配servlet初始化参?br />利用init-param元素向servlet提供初始化参敎ͼinit-param元素hparam-name和param-value子元素。例如,在下面的例子中,如果initServlet servlet是利用它的注册名QInitTestQ访问的Q它?yu)能够从其方法中调用getServletConfig().getInitParameter("param1")获得"Value 1"Q调用getServletConfig().getInitParameter("param2")获得"2"?br /><servlet>
(tng) (tng) (tng)<servlet-name>InitTest</servlet-name>
(tng) (tng) (tng)<servlet-class>moreservlets.InitServlet</servlet-class>
<init-param>
(tng) (tng) (tng)<param-name>param1</param-name>
(tng) (tng) (tng)<param-value>value1</param-value>
</init-param>
<init-param>
(tng) (tng) (tng)<param-name>param2</param-name>
(tng) (tng) (tng)<param-value>2</param-value>
</init-param>
</servlet>
在涉?qing)初始化参数Ӟ有几炚w要注意:(x)
l q回倹{GetInitParameter的返回值L一个String。因此,在前一个例子中Q可对param2使用Integer.parseInt获得一个int?br />l JSP中的初始化。JSP面使用jspInit而不是init。JSP面q需要用jsp-file元素代替servlet-class?br />l ~省URL。初始化参数只在通过它们的注册名或与它们注册名相关的定制URL模式讉KServlet时可以用。因此,在这个例子中Qparam1和param2初始化参数将能够在用URL http://host/webAppPrefix/servlet/InitTest 时可用,但在使用URL http://host/webAppPrefix/servlet/myPackage.InitServlet 时不能用?br />例如Q程序清?-7l出一个名为InitServlet的简单servletQ它使用initҎ(gu)讄firstName和emailAddress字段。程序清?-8l出分配名称InitTestlservlet的web.xml文g?br />E序清单5-7 InitServlet.java
package moreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/** Simple servlet used to illustrate servlet
* initialization parameters.
* <P>
* Taken from More Servlets and JavaServer Pages
* from Prentice Hall and Sun Microsystems Press,
* http://www.moreservlets.com/.
* © 2002 Marty Hall; may be freely used or adapted.
*/
public class InitServlet extends HttpServlet {
private String firstName, emailAddress;
public void init() {
ServletConfig config = getServletConfig();
firstName = config.getInitParameter("firstName");
emailAddress = config.getInitParameter("emailAddress");
}
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String uri = request.getRequestURI();
out.println(ServletUtilities.headWithTitle("Init Servlet") +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H2>Init Parameters:</H2>\n" +
"<UL>\n" +
"<LI>First name: " + firstName + "\n" +
"<LI>Email address: " + emailAddress + "\n" +
"</UL>\n" +
"</BODY></HTML>");
}
}
E序清单5-8 web.xmlQ说明初始化参数的摘录)(j)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ... -->
<servlet>
(tng) (tng) (tng)<servlet-name>InitTest</servlet-name>
(tng) (tng) (tng)<servlet-class>moreservlets.InitServlet</servlet-class>
(tng) (tng) (tng)<init-param>
(tng) (tng) (tng) (tng) (tng) (tng)<param-name>firstName</param-name>
(tng) (tng) (tng) (tng) (tng) (tng)<param-value>Larry</param-value>
(tng) (tng) (tng)</init-param>
(tng) (tng) (tng)<init-param>
(tng) (tng) (tng) (tng) (tng) (tng)<param-name>emailAddress</param-name>
(tng) (tng) (tng) (tng) (tng) (tng)<param-value>Ellison@Microsoft.com</param-value>
(tng) (tng) (tng)</init-param>
</servlet>
<!-- ... -->
</web-app>
5.2 分配JSP初始化参?br />lJSP面提供初始化参数在三个斚w不同于给servlet提供初始化参数?br />1Q用jsp-file而不是servlet-class。因此,W(xu)EB-INF/web.xml文g的servlet元素如下所C:(x)
<servlet>
<servlet-name>PageName</servlet-name>
<jsp-file>/RealPage.jsp</jsp-file>
<init-param>
(tng) (tng) (tng)<param-name>...</param-name>
(tng) (tng) (tng)<param-value>...</param-value>
</init-param>
...
</servlet>
2)几乎L分配一个明的URL模式。对servletQ一般相应地使用?a href="http://host/webAppPrefix/servlet/">http://host/webAppPrefix/servlet/ 开始的~省URL。只需CQ用注册名而不是原名称卛_。这对于JSP面在技术上也是合法的。例如,在上面给出的例子中,可用URL http://host/webAppPrefix/servlet/PageName 讉KRealPage.jsp的对初始化参数具有访问权的版本。但在用于JSP面Ӟ许多用户g不喜Ƣ应用常规的servlet的URL。此外,如果JSP面位于服务器ؓ(f)其提供了(jin)目录清单的目录中Q如Q一个既没有index.html也没有index.jsp文g的目录)(j)Q则用户可能?x)连接到此JSP面Q单dQ从而意外地ȀzL初始化的面。因此,好的办法是用url-patternQ?.3节)(j)JSP面的原URL与注册的servlet名相兌。这P客户机可使用JSP面的普通名Uͼ但仍然激zd制的版本。例如,l定来自目1的servlet定义Q可使用下面的servlet-mapping定义Q?br /><servlet-mapping>
<servlet-name>PageName</servlet-name>
<url-pattern>/RealPage.jsp</url-pattern>
</servlet-mapping>
3QJSP用jspInit而不是init。自动从JSP面建立的servlet或许已经使用?jin)intiҎ(gu)。因此,使用JSP声明提供一个initҎ(gu)是不合法的,必须制定jspInitҎ(gu)?br />Z(jin)说明初始化JSP面的过E,E序清单5-9l出?jin)一个名为InitPage.jsp的JSP面Q它包含一个jspInitҎ(gu)且放|于deployDemo Web应用层次l构的顶层。一般,http://host/deployDemo/InitPage.jsp 形式的URL激zL面的不h初始化参数访问权的版本,从而将对firstName和emailAddress变量昄null。但是,web.xml文gQ程序清?-10Q分配了(jin)一个注册名Q然后将该注册名与URL模式/InitPage.jsp相关联?/p>
E序清单5-9 InitPage.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE>JSP Init Test</TITLE></HEAD>
<BODY BGCOLOR="#FDF5E6">
<H2>Init Parameters:</H2>
<UL>
<LI>First name: <%= firstName %>
<LI>Email address: <%= emailAddress %>
</UL>
</BODY></HTML>
<%!
private String firstName, emailAddress;
public void jspInit() {
ServletConfig config = getServletConfig();
firstName = config.getInitParameter("firstName");
emailAddress = config.getInitParameter("emailAddress");
}
%>
E序清单5-10 web.xmlQ说明JSP面的init参数的摘录)(j)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ... -->
<servlet>
<servlet-name>InitPage</servlet-name>
<jsp-file>/InitPage.jsp</jsp-file>
<init-param>
<param-name>firstName</param-name>
<param-value>Bill</param-value>
</init-param>
<init-param>
<param-name>emailAddress</param-name>
<param-value>gates@oracle.com</param-value>
</init-param>
</servlet>
<!-- ... -->
<servlet-mapping>
<servlet-name> InitPage</servlet-name>
<url-pattern>/InitPage.jsp</url-pattern>
</servlet-mapping>
<!-- ... -->
</web-app>
5.3 提供应用范围内的初始化参?br />一般,对单个地servlet或JSP面分配初始化参数。指定的servlet或JSP面利用ServletConfig的getInitParameterҎ(gu)dq些参数。但是,在某些情形下Q希望提供可׃Q意servlet或JSP面借助ServletContext的getInitParameterҎ(gu)d的系l范围内的初始化参数?br />可利用context-param元素声明q些pȝ范围内的初始化倹{context-param元素应该包含param-name、param-value以及(qing)可选的description子元素,如下所C:(x)
<context-param>
<param-name>support-email</param-name>
<param-value>blackhole@mycompany.com</param-value>
</context-param>
可回忆一下,Z(jin)保证可移植性,web.xml内的元素必须以正的ơ序声明。但q里应该注意Qcontext-param元素必须出现L与文档有关的元素Qicon、display-name或descriptionQ之后及(qing)filter、filter-mapping、listener或servlet元素之前?br />5.4 在服务器启动时装载servlet
假如servlet或JSP面有一个要花很长时间执行的initQservletQ或jspInitQJSPQ方法。例如,假如init或jspInitҎ(gu)从某个数据库或ResourceBundle查找产量。这U情况下Q在W一个客hh时装载servlet的缺省行为将对第一个客h产生较长旉的gq。因此,可利用servlet的load-on-startup元素规定服务器在W一ơ启动时装蝲servlet。下面是一个例子?br /><servlet>
<servlet-name> ?</servlet-name>
<servlet-class> ?</servlet-class> <!-- Or jsp-file -->
<load-on-startup/>
</servlet>
可以为此元素体提供一个整数而不是用一个空的load-on-startup。想法是服务器应该在装蝲较大数目的servlet或JSP面之前装蝲较少数目的servlet或JSP面。例如,下面的servlet(攄在Web应用的WEB-INF目录下的web.xml文g中的web-app元素内)(j)指C服务器首先装蝲和初始化SearchServletQ然后装载和初始化由位于Web应用的result目录中的index.jsp文g产生的servlet?br /><servlet>
<servlet-name>Search</servlet-name>
<servlet-class>myPackage.SearchServlet</servlet-class> <!-- Or jsp-file -->
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Results</servlet-name>
<servlet-class>/results/index.jsp</servlet-class> <!-- Or jsp-file -->
<load-on-startup>2</load-on-startup>
</servlet>
6 声明qo(h)?/p>
servlet版本2.3引入?jin)过滤器的概c(din)虽然所有支持servlet API版本2.3的服务器都支持过滤器Q但Z(jin)使用与过滤器有关的元素,必须在web.xml中用版?.3的DTD?br />qo(h)器可截取和修改进入一个servlet或JSP面的请求或从一个servlet或JSP面发出的相应。在执行一个servlet或JSP面之前Q必L行第一个相关的qo(h)器的doFilterҎ(gu)。在该过滤器对其FilterChain对象调用doFilterӞ执行链中的下一个过滤器。如果没有其他过滤器Qservlet或JSP面被执行。过滤器h对到来的ServletRequest对象的全部访问权Q因此,它们可以查看客户机名、查扑ֈ来的cookie{。ؓ(f)?jin)访问servlet或JSP面的输出,qo(h)器可响应对象包裹在一个替w对象(stand-in objectQ中Q比方说把输出篏加到一个缓冲区。在调用FilterChain对象的doFilterҎ(gu)之后Q过滤器可检查缓冲区Q如有必要,对它进行修改,然后传送到客户机?br />例如Q程序清?-11帝国难以?jin)一个简单的qo(h)器,只要讉K相关的servlet或JSP面Q它?yu)截取请求ƈ在标准输Z打印一个报告(开发过E中在桌面系l上q行Ӟ大多数服务器都可以用这个过滤器Q?/p>
E序清单5-11 ReportFilter.java
package moreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
/** Simple filter that prints a report on the standard output
* whenever the associated servlet or JSP page is accessed.
* <P>
* Taken from More Servlets and JavaServer Pages
* from Prentice Hall and Sun Microsystems Press,
* http://www.moreservlets.com/.
* © 2002 Marty Hall; may be freely used or adapted.
*/
public class ReportFilter implements Filter {
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws ServletException, IOException {
HttpServletRequest req = (HttpServletRequest)request;
System.out.println(req.getRemoteHost() +
" tried to access " +
req.getRequestURL() +
" on " + new Date() + ".");
chain.doFilter(request,response);
}
public void init(FilterConfig config)
throws ServletException {
}
public void destroy() {}
}
一旦徏立了(jin)一个过滤器Q可以在web.xml中利用filter元素以及(qing)filter-nameQQ意名Uͼ(j)、file-classQ完全限定的cdQ和Q可选的Qinit-params子元素声明它。请注意Q元素在web.xml的web-app元素中出现的ơ序不是L的;允许服务器(但不是必需的)(j)强制所需的次序,q且实际中有些服务器也是q样做的。但q里要注意,所有filter元素必须出现在Q意filter-mapping元素之前Qfilter-mapping元素又必d现在所有servlet或servlet-mapping元素之前?br />例如Q给定上q的ReportFilterc,可在web.xml中作Z面的filter声明。它把名UReporter与实际的cReportFilterQ位于moreservletsE序包中Q相兌?br /><filter>
<filter-name>Reporter</filter-name>
<filter-class>moresevlets.ReportFilter</filter-class>
</filter>
一旦命名了(jin)一个过滤器Q可利用filter-mapping元素把它与一个或多个servlet或JSP面相关联。关于此工作有两种选择?br />首先Q可使用filter-name和servlet-name子元素把此过滤器与一个特定的servlet名(此servlet名必ȝ后在相同的web.xml文g中用servlet元素声明Q关联。例如,下面的程序片断指C系l只要利用一个定制的URL讉K名ؓ(f)SomeServletName的servlet或JSP面Q就q行名ؓ(f)Reporter的过滤器?br /><filter-mapping>
<filter-name>Reporter</filter-name>
<servlet-name>SomeServletName</servlet-name>
</filter-mapping>
其次Q可利用filter-name和url-pattern子元素将qo(h)器与一lservlet、JSP面或静(rn)态内容相兌。例如,盔R的程序片D|C系l只要访问Web应用中的LURLQ就q行名ؓ(f)Reporter的过滤器?br /><filter-mapping>
<filter-name>Reporter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
例如Q程序清?-12l出?jin)将ReportFilterqo(h)器与名ؓ(f)PageName的servlet相关联的web.xml文g的一部分。名字PageName依次又与一个名为TestPage.jsp的JSP面以及(qing)以模?a href="http://host/webAppPrefix/UrlTest2/">http://host/webAppPrefix/UrlTest2/ 开头的URL相关联。TestPage.jsp的源代码已经JSP面命名的谈论在前面??分配名称和定制的URL"中给出。事实上Q程序清?-12中的servlet和servlet-name从该节原封不动地拿q来的。给定这些web.xml,可看C面的标准输出形式的调试报告(换行是ؓ(f)?jin)容易阅读?j)?br />audit.irs.gov tried to access
http://mycompany.com/deployDemo/UrlTest2/business/tax-plan.html
on Tue Dec 25 13:12:29 EDT 2001.
E序清单5-12 Web.xmlQ说明filter用法的摘录)(j)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<filter>
<filter-name>Reporter</filter-name>
<filter-class>moresevlets.ReportFilter</filter-class>
</filter>
<!-- ... -->
<filter-mapping>
<filter-name>Reporter</filter-name>
<servlet-name>PageName</servlet-name>
</filter-mapping>
<!-- ... -->
<servlet>
<servlet-name>PageName</servlet-name>
<jsp-file>/RealPage.jsp</jsp-file>
</servlet>
<!-- ... -->
<servlet-mapping>
<servlet-name> PageName </servlet-name>
<url-pattern>/UrlTest2/*</url-pattern>
</servlet-mapping>
<!-- ... -->
</web-app>
7 指定Ƣ迎?
假如用户提供?jin)一个像http://host/webAppPrefix/directoryName/ q样的包含一个目录名但没有包含文件名的URLQ会(x)发生什么事情呢Q用戯得到一个目录表Q一个错误?q是标准文g的内容?如果得到标准文g内容Q是index.html、index.jsp、default.html、default.htm或别的什么东西呢Q?br />Welcome-file-list元素?qing)其辅助的welcome-file元素解决?jin)这个模p的问题。例如,下面的web.xmlҎ(gu)出,如果一个URLl出一个目录名但未l出文g名,服务器应该首先试用index.jspQ然后再试用index.html。如果两者都没有扑ֈQ则l果有赖于所用的服务器(如一个目录列表)(j)?br /><welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
虽然许多服务器缺省遵循这U行为,但不一定必这栗因此,明确C用welcom-file-list保证可移植性是一U良好的?fn)惯?/p>
8 指定处理错误的页?/p>
现在我了(jin)解到Q你在开发servlet和JSP面时从不会(x)犯错误,而且你的所有页面是那样的清晎ͼ一般的E序员都不会(x)被它们的搞糊涂。但是,是hM(x)犯错误的Q用户可能会(x)提供不合规定的参敎ͼ使用不正的URL或者不能提供必需的表单字D倹{除此之外,其它开发h员可能不那么l心(j)Q他们应该有些工h克服自己的不?br />error-page元素是用来克服q些问题的。它有两个可能的子元素,分别是:(x)error-code和exception-type。第一个子元素error-code指出在给定的HTTP错误代码出现时用的URL。第二个子元素excpetion-type指出在出现某个给定的Java异常但未捕捉到时使用的URL。error-code和exception-type都利用location元素指出相应的URL。此URL必须?开始。location所指出的位|处的页面可通过查找HttpServletRequest对象的两个专门的属性来讉K关于错误的信息,q两个属性分别是Qjavax.servlet.error.status_code和javax.servlet.error.message?br />可回忆一下,在web.xml内以正确的次序声明web-app的子元素很重要。这里只要记住,error-page出现在web.xml文g的末Nq,servlet、servlet-name和welcome-file-list之后卛_?/p>
8.1 error-code元素
Z(jin)更好C(jin)解error-code元素的|可考虑一下如果不正确地输入文件名Q大多数站点?x)作Z么反映。这样做一般会(x)出现一?font size="+0">404错误信息Q它表示不能扑ֈ该文Ӟ但几乎没提供更多有用的信息。另一斚wQ可以试一下在www.microsoft.com?a >www.ibm.com 处或者特别是?a >www.bea.com 处输出未知的文g名。这是会(x)得出有用的消息,q些消息提供可选择的位|,以便查找感兴的面。提供这h用的错误面对于Web应用来说是很有h(hun)值得。事实上Q?a >http://www.plinko.net/404/ 是把整个站点专门用?font size="+0">404错误面q个内容。这个站点包含来自全世界最好、最p和最搞笑?font size="+0">404面?br />E序清单5-13l出一个JSP面Q此面可返回给提供位置E序名的客户机。程序清?-14l出指定E序清单5-13作ؓ(f)q回404错误代码时显C的面的web.xml。请注意Q浏览器中显C的URL仍然是客h所提供的。错误页面是一U后台实现技术?br />最后一点,误住IE5的缺省配|显然不W合HTTP规范Q它忽略?jin)服务器生成的错误消息,而是昄自己的标准出错信息。可转到其Tools菜单Q选择Internet OptionsQ单击AdvancedQ取消Show Friendly HTTP Error Message来解x(chng)问题?/p>
E序清单5-13 NotFound.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE>404: Not Found</TITLE></HEAD>
<BODY BGCOLOR="#FDF5E6">
<H2>Error!</H2>
I'm sorry, but I cannot find a page that matches
<%= request.getRequestURI() %> on the system. Maybe you should
try one of the following:
<UL>
<LI>Go to the server's <A HREF="/">home page</A>.
<LI>Search for relevant pages.<BR>
<FORM ACTION="http://www.google.com/search">
<CENTER>
Keywords: <INPUT TYPE="TEXT" NAME="q"><BR>
<INPUT TYPE="SUBMIT" VALUE="Search">
</CENTER>
</FORM>
<LI>Admire a random multiple of 404:
<%= 404*((int)(1000*Math.random())) %>.
<LI>Try a <A HREF="http://www.plinko.net/404/rndindex.asp"
TARGET="_blank">
random 404 error message</A>. From the amazing and
amusing plinko.net <A HREF="http://www.plinko.net/404/">
404 archive</A>.
</UL>
</BODY></HTML>
E序清单5-14 web.xmlQ指出HTTP错误代码的错误页面的摘录Q?br /><?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<error-page>
<error-code>404</error-code>
<location>/NotFound.jsp</location>
</error-page>
<!-- ... -->
</web-app>
8.2 exception-type元素
error-code元素处理某个h产生一个特定的HTTP状态代码时的情c(din)然而,对于servlet或JSP面q回200但生运行时异常q种同样是常见的情况怎么办呢Q这正是exception-type元素要处理的情况。只需提供两样东西卛_Q即提供如下的一个完全限定的异常cd一个位|:(x)
<error-page>
<exception-type>packageName.className</exception-type>
<location>/SomeURL</location>
</error-page>
q样Q如果Web应用中的Mservlet或JSP面产生一个特定类型的未捕捉到的异常,则用指定的URL。此异常cd可以是一个标准类型,如javax.ServletException或java.lang.OutOfMemoryErrorQ或者是一个专门针对你的应用的异常?br />例如Q程序清?-15l出?jin)一个名为DumbDeveloperException的异常类Q可用它来特别标记经验较?yu)的E序员(不是说你的开发组中一定有q种人)(j)所犯的错误。这个类q包含一个名为dangerousComputation的静(rn)态方法,它时不时地生成这U类型的异常。程序清?-16l出寚w机整数D用dangerousCompution的一个JSP面。在抛出此异常时Q如E序清单5-18的web.xml版本中所l出的exception-type所指出的那P对客h昄DDE.jspQ程序清?-17Q。图5-16和图5-17分别l出q运和不q的l果?/p>
E序清单5-15 DumbDeveloperException.java
package moreservlets;
/** Exception used to flag particularly onerous
programmer blunders. Used to illustrate the
exception-type web.xml element.
* <P>
* Taken from More Servlets and JavaServer Pages
* from Prentice Hall and Sun Microsystems Press,
* http://www.moreservlets.com/.
* © 2002 Marty Hall; may be freely used or adapted.
*/
public class DumbDeveloperException extends Exception {
public DumbDeveloperException() {
super("Duh. What was I *thinking*?");
}
public static int dangerousComputation(int n)
throws DumbDeveloperException {
if (n < 5) {
return(n + 10);
} else {
throw(new DumbDeveloperException());
}
}
}
E序清单5-16 RiskyPage.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE>Risky JSP Page</TITLE></HEAD>
<BODY BGCOLOR="#FDF5E6">
<H2>Risky Calculations</H2>
<%@ page import="moreservlets.*" %>
<% int n = ((int)(10 * Math.random())); %>
<UL>
<LI>n: <%= n %>
<LI>dangerousComputation(n):
<%= DumbDeveloperException.dangerousComputation(n) %>
</UL>
</BODY></HTML>
E序清单5-17 DDE.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE>Dumb</TITLE></HEAD>
<BODY BGCOLOR="#FDF5E6">
<H2>Dumb Developer</H2>
We're brain dead. Consider using our competitors.
</BODY></HTML>
E序清单5-18 web.xmlQؓ(f)异常指定错误面的摘录)(j)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ... -->
<servlet> ?</servlet>
<!-- ... -->
<error-page>
<exception-type>
moreservlets.DumbDeveloperException
</exception-type>
<location>/DDE.jsp</location>
</error-page>
<!-- ... -->
</web-app>
9 提供安全?/p>
利用web.xml中的相关元素为服务器的内建功能提供安全性?br />9.1 指定验证的方?br />使用login-confgi元素规定服务器应该怎样验证试图讉K受保护页面的用户。它包含三个可能的子元素Q分别是Qauth-method、realm-name和form-login-config。login-config元素应该出现在web.xml部v描述W文件的l尾附近Q紧跟在security-constraint元素之后?br /> (tng)auth-method
login-config的这个子元素列出服务器将要用的特定验证机制。有效gؓ(f)BASIC、DIGEST、FORM和CLIENT-CERT。服务器只需要支持BASIC和FORM?br />BASIC指出应该使用标准的HTTP验证Q在此验证中服务器检查Authorization头。如果缺这个头则返回一?01状态代码和一个WWW-Authenticate头。这D客户机弹Z个用来填写Authorization头的对话框。此机制很少或不提供Ҏ(gu)击者的防范Q这些攻击者在Internetq接上进行窥探(如通过在客h的子|上执行一个信息包探测装置Q,因ؓ(f)用户名和口o(h)是用单的可逆base64~码发送的Q他们很Ҏ(gu)得手。所有兼容的服务器都需要支持BASIC验证?br />DIGEST指出客户机应该利用加密Digest Authentication形式传输用户名和口o(h)。这提供?jin)比BASIC验证更高的防范网l截取得的安全性,但这U加密比SSLQHTTPSQ所用的Ҏ(gu)更容易破解。不q,此结论有时没有意义,因ؓ(f)当前很少有浏览器支持Digest AuthenticationQ所以servlet容器不需要支持它?br />FORM指出服务器应该检查保留的?x)话cookieq且把不h它的用户重定向到一个指定的登陆c(din)此登陆应该包含一个收集用户名和口令的常规HTML表单。在登陆之后Q利用保留会(x)话的cookie跟踪用户。虽然很复杂Q但FORM验证防范|络H探q不比BASIC验证更安全,如果有必要可以在层安排诸如SSL或网l层安全Q如IPSEC或VPNQ等额外的保护。所有兼容的服务器都需要支持FORM验证?br />CLIENT-CERT规定服务器必M用HTTPSQSSL之上的HTTPQƈ利用用户的公开密钥证书QPulic Key CertificatQ对用户q行验证。这提供?jin)防范网l截取的很强的安全性,但只有兼容J2EE的服务器需要支持它?br /> (tng)realm-name
此元素只在auth-method为BASIC时用。它指出览器在相应对话框标题(sh)用的、ƈ作ؓ(f)Authorization头组成部分的安全域的名称?br /> (tng)form-login-config
此元素只在auth-method为FORM旉用。它指定两个面Q分别是Q包含收集用户名?qing)口令的HTML表单的页面(利用form-login-page子元素)(j)Q用来指C验证失败的面Q利用form-error-page子元素)(j)。由form-login-pagel出的HTML表单必须h一个j_security_check的ACTION属性、一个名为j_username的用户名文本字段以及(qing)一个名为j_password的口令字Dc(din)?br />例如Q程序清?-19指示服务器用基于表单的验证。Web应用的顶层目录中的一个名为login.jsp的页面将攉用户名和口o(h)Qƈ且失败的登陆由相同目录中名为login-error.jsp的页面报告?/p>
E序清单5-19 web.xmlQ说明login-config的摘录)(j)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ... -->
<security-constraint> ... </security-constraint>
<login-config>
<auth-method> FORM </auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- ... -->
</web-app>
9.2 限制对Web资源的访?br />现在Q可以指C服务器使用何种验证Ҏ(gu)?jin)??jin)不P"你说道,"除非我能指定一个来收到保护的URLQ否则没有多大用处?没错。指?gu)些URLq说明他们应该得CU保护正是security-constriaint元素的用途。此元素在web.xml中应该出现在login-config的紧前面。它包含是个可能的子元素Q分别是Qweb-resource-collection、auth-constraint、user-data-constraint和display-name。下面各节对它们进行介l?br /> (tng)web-resource-collection
此元素确定应该保护的资源。所有security-constraint元素都必d含至一个web-resource-collectionV此元素׃个给ZQ意标识名U的web-resource-name元素、一个确定应该保护的URL的url-pattern元素、一个指出此保护所适用的HTTP命o(h)QGET、POST{,~省为所有方法)(j)的http-method元素和一个提供资料的可选description元素l成。例如,下面的Web-resource-collection(在security-constratint元素内)(j)指出Web应用的proprietary目录中所有文档应该受C护?br /><security-constraint>
<web-resource-coolection>
<web-resource-name>Proprietary</web-resource-name>
<url-pattern>/propritary/*</url-pattern>
</web-resource-coolection>
<!-- ... -->
</security-constraint>
重要的是应该注意刎ͼurl-pattern仅适用于直接访问这些资源的客户机。特别是Q它不适合于通过MVC体系l构利用RequestDispatcher来访问的面Q或者不适合于利用类似jsp:forward的手D|讉K的页面。这U不匀U如果利用得当的话很有好处。例如,servlet可利用MVC体系l构查找数据Q把它放到bean中,发送请求到从bean中提取数据的JSP面q显C它。我们希望保证决不直接访问受保护的JSP面Q而只是通过建立该页面将使用的bean的servlet来访问它。url-pattern和auth-contraint元素可通过声明不允怓Q何用L(fng)接访问JSP面来提供这U保证。但是,q种不匀U的行ؓ(f)可能让开发h员放松警惕,使他们偶然对应受保护的资源提供不受限制的讉K。?br /> auth-constraint
管web-resource-collention元素质出?jin)哪些URL应该受到保护Q但是auth-constraint元素却指出哪些用户应该具有受保护资源的访问权。此元素应该包含一个或多个标识h讉K权限的用L(fng)别role-name元素Q以?qing)包含(可选)(j)一个描q角色的description元素。例如,下面web.xml中的security-constraint元素部门规定只有指定为Administrator或Big KahunaQ或两者)(j)的用户具有指定资源的讉K权?br /><security-constraint>
<web-resource-coolection> ... </web-resource-coolection>
<auth-constraint>
<role-name>administrator</role-name>
<role-name>kahuna</role-name>
</auth-constraint>
</security-constraint>
重要的是认识刎ͼ到此为止Q这个过E的可移植部分结束了(jin)。服务器怎样定哪些用户处于M角色以及(qing)它怎样存放用户的口令,完全有赖于具体的pȝ?br />例如QTomcat使用install_dir/conf/tomcat-users.xml用户名与角色名和口令相兌Q正如下面例子中所C,它指出用户joeQ口令bigshotQ和janeQ口令enajQ属于administrator和kahuna角色?br /><tomcat-users>
<user name="joe" password="bigshot" roles="administrator,kahuna" />
<user name="jane" password="enaj" roles="kahuna" />
</tomcat-users>
(tng)user-data-constraint
q个可选的元素指出在访问相兌源时使用M传输层保护。它必须包含一个transport-guarantee子元素(合法gؓ(f)NONE、INTEGRAL或CONFIDENTIALQ,q且可选地包含一个description元素。transport-guarantee为NONE值将Ҏ(gu)用的通讯协议不加限制。INTEGRALDC数据必M一U防止截取它的h阅读它的方式传送。虽然原理上Qƈ且在未来的HTTP版本中)(j)Q在INTEGRAL和CONFIDENTIAL之间可能?x)有差别Q但在当前实践中Q他们都只是单地要求用SSL。例如,下面指示服务器只允许对相兌源做HTTPSq接Q?br /><security-constraint>
<!-- ... -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
(tng)display-name
security-constraint的这个很用的子元素给予可能由GUI工具使用的安全约束项一个名U?br />9.3 分配角色?br />q今为止Q讨论已l集中到完全由容器(服务器)(j)处理的安全问题(sh)上了(jin)。但servlet以及(qing)JSP面也能够处理它们自q安全问题?br />例如Q容器可能允许用户从bigwig或bigcheese角色讉K一个显CZh员额外紧贴的面Q但只允许bigwig用户修改此页面的参数。完成这U更l致的控制的一U常见方法是调用HttpServletRequset的isUserInRoleҎ(gu)Qƈ据此修改讉K?br />Servlet的security-role-ref子元素提供出现在服务器专用口令文件中的安全角色名的一个别名。例如,假如~写?jin)一个调用request.isUserInRoleQ?boss"Q的servletQ但后来该servlet被用在了(jin)一个其口o(h)文g调用角色manager而不是boss的服务器中。下面的E序D该servlet能够使用q两个名UC的Q何一个?br /><servlet>
<!-- ... -->
<security-role-ref>
<role-name>boss</role-name> <!-- New alias -->
<role-link>manager</role-link> <!-- Real name -->
</security-role-ref>
</servlet>
也可以在web-app内利用security-role元素提供出现在role-name元素中的所有安全角色的一个全局列表。分别地生命角色佉KUIDEҎ(gu)处理安全信息?/p>
10 控制?x)话?/p>
如果某个?x)话在一定的旉内未被访问,服务器可把它扔掉以节U内存。可利用HttpSession的setMaxInactiveIntervalҎ(gu)直接讄个别?x)话对象的超时倹{如果不采用q种Ҏ(gu)Q则~省的超时值由具体的服务器军_。但可利用session-config和session-timeout元素来给Z个适用于所有服务器的明的时倹{超时值的单位为分钟,因此Q下面的例子讄~省?x)话时gؓ(f)三个时Q?80分钟Q?br /><session-config>
<session-timeout>180</session-timeout>
</session-config>
11 Web应用的文档化
来多的开发环境开始提供servlet和JSP的直接支持。例子有Borland Jbuilder Enterprise Edition、Macromedia UltraDev、Allaire JRun StudioQ写此文Ӟ已被Macromedia收购Q以?qing)IBM VisuaAge for Java{?br />大量的web.xml元素不仅是ؓ(f)服务器设计的Q而且q是为可视开发环境设计的。它们包括icon、display-name和discription{?br />可回忆一下,在web.xml内以适当地次序声明web-app子元素很重要。不q,q里只要Cicon、display-name和description是web.xml的web-app元素内的前三个合法元素即可?br />l icon
icon元素指出GUI工具可用来代表Web应用的一个和两个囑փ文g。可利用small-icon元素指定一q?6 x 16的GIF或JPEG囑փQ用large-icon元素指定一q?2 x 32的图像。下面D一个例子:(x)
<icon>
<small-icon>/images/small-book.gif</small-icon>
<large-icon>/images/tome.jpg</large-icon>
</icon>
(tng)display-name
display-name元素提供GUI工具可能?x)用来标记此Web应用的一个名U。下面是个例子?br /><display-name>Rare Books</display-name>
(tng)description
description元素提供解释性文本,如下所C:(x)
<description>
This Web application represents the store developed for
rare-books.com, an online bookstore specializing in rare
and limited-edition books.
</description>
12 兌文g与MIMEcd
服务器一般都h一U让Web站点理员将文g扩展名与媒体相关联的Ҏ(gu)。例如,会(x)自动l予名ؓ(f)mom.jpg的文件一个image/jpeg的MIMEcd。但是,假如你的Web应用h几个不寻常的文gQ你希望保证它们在发送到客户机时分配为某UMIMEcd。mime-mapping元素Q具有extension和mime-type子元素)(j)可提供这U保证。例如,下面的代码指C服务器application/x-fubar的MIMEcd分配l所有以.fool尾的文件?br /><mime-mapping>
<extension>foo</extension>
<mime-type>application/x-fubar</mime-type>
</mime-mapping>
或许Q你的Web应用希望重蝲QoverrideQ标准的映射。例如,下面的代码将告诉服务器在发送到客户机时指定.ps文g作ؓ(f)U文本(text/plainQ而不是作为PostScriptQapplication/postscriptQ?br /><mime-mapping>
<extension>ps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
13 定位TLD
JSP taglib元素h一个必要的uri属性,它给Z个TLDQTag Library DescriptorQ文件相对于Web应用的根的位|。TLD文g的实际名U在发布新的标签库版本时可能?x)改变,但我们希望避免更?gu)有现有JSP面。此外,可能q希望用保持taglib元素的简l性的一个简短的uri。这是部v描述W文件的taglib元素z场的所在了(jin)。Taglib包含两个子元素:(x)taglib-uri和taglib-location。taglib-uri元素应该与用于JSP taglib元素的uri属性的东西相匹配。Taglib-location元素l出TLD文g的实际位|。例如,假如你将文gchart-tags-1.3beta.tld攑֜WebApp/WEB-INF/tlds中。现在,假如web.xml在web-app元素内包含下列内宏V?br /><taglib>
<taglib-uri>/charts.tld</taglib-uri>
<taglib-location>
/WEB-INF/tlds/chart-tags-1.3beta.tld
</taglib-location>
</taglib>
l出q个说明后,JSP面可通过下面的简化Ş式用标{ֺ?br /><%@ taglib uri="/charts.tld" prefix="somePrefix" %>
14 指定应用事g监听E序
应用事g监听器程序是建立或修改servlet环境或会(x)话对象时通知的类。它们是servlet规范的版?.3中的新内宏V这里只单地说明用来向Web应用注册一个监听程序的web.xml的用法?br />注册一个监听程序涉?qing)在web.xml的web-app元素内放|一个listener元素。在listener元素内,listener-class元素列出监听E序的完整的限定cdQ如下所C:(x)
<listener>
<listener-class>package.ListenerClass</listener-class>
</listener>
虽然listener元素的结构很单,但请不要忘记Q必L地l出web-app元素内的子元素的ơ序。listener元素位于所有的servlet元素之前以及(qing)所有filter-mapping元素之后。此外,因ؓ(f)应用生存期监听程序是serlvet规范?.3版本中的新内容,所以必M用web.xml DTD?.3版本Q而不?.2版本?br />例如Q程序清?-20l出一个名为ContextReporter的简单的监听E序Q只要Web应用的Servlet-Context建立Q如装蝲Web应用Q或消除Q如服务器关闭)(j)Ӟ它就在标准输Z昄一条消息。程序清?-21l出此监听程序注册所需要的web.xml文g的一部分?/p>
E序清单5-20 ContextReporterjava
package moreservlets;
import javax.servlet.*;
import java.util.*;
/** Simple listener that prints a report on the standard output
* when the ServletContext is created or destroyed.
* <P>
* Taken from More Servlets and JavaServer Pages
* from Prentice Hall and Sun Microsystems Press,
* http://www.moreservlets.com/.
* © 2002 Marty Hall; may be freely used or adapted.
*/
public class ContextReporter implements ServletContextListener {
public void contextInitialized(ServletContextEvent event) {
System.out.println("Context created on " +
new Date() + ".");
}
public void contextDestroyed(ServletContextEvent event) {
System.out.println("Context destroyed on " +
new Date() + ".");
}
}
E序清单5-21 web.xmlQ声明一个监听程序的摘录Q?br /><?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ... -->
<filter-mapping> ?</filter-mapping>
<listener>
<listener-class>package.ListenerClass</listener-class>
</listener>
<servlet> ... </servlet>
<!-- ... -->
</web-app>
15 J2EE元素
本节描述用作J2EE环境l成部分的Web应用的web.xml元素。这里将提供一个简明的介绍Q详l内容可以参?a >http://java.sun.com/j2ee/j2ee-1_3-fr-spec.pdf的Java 2 Plantform Enterprise Edition版本1.3规范的第5章?br />l distributable
distributable元素指出QW(xu)eb应用是以q样的方式编E的Q即Q支持集的服务器可安全地在多个服务器上分布Web应用。例如,一个可分布的应用必d使用Serializable对象作ؓ(f)其HttpSession对象的属性,而且必须避免用实例变量(字段Q来实现持箋(hu)性。distributable元素直接出现在discription元素之后Qƈ且不包含子元素或数据Q它只是一个如下的标志?br /><distributable />
(tng)resource-env-ref
resource-env-ref元素声明一个与某个资源有关的管理对象。此元素׃个可选的description元素、一个resource-env-ref-name元素Q一个相对于java:comp/env环境的JNDI名)(j)以及(qing)一个resource-env-type元素Q指定资源类型的完全限定的类Q,如下所C:(x)
<resource-env-ref>
<resource-env-ref-name>
jms/StockQueue
</resource-env-ref-name>
<resource-env-ref-type>
javax.jms.Queue
</resource-env-ref-type>
</resource-env-ref>
(tng)env-entry
env-entry元素声明Web应用的环境项。它׃个可选的description元素、一个env-entry-name元素Q一个相对于java:comp/env环境JNDI名)(j)、一个env-entry-value元素Q项|(j)以及(qing)一个env-entry-type元素Qjava.langE序包中一个类型的完全限定cdQjava.lang.Boolean、java.lang.String{)(j)l成。下面是一个例子:(x)
<env-entry>
<env-entry-name>minAmout</env-entry-name>
<env-entry-value>100.00</env-entry-value>
<env-entry-type>minAmout</env-entry-type>
</env-entry>
(tng)ejb-ref
ejb-ref元素声明对一个EJB的主目录的应用。它׃个可选的description元素、一个ejb-ref-name元素Q相对于java:comp/env的EJB应用Q、一个ejb-ref-type元素Qbean的类型,Entity或SessionQ、一个home元素Qbean的主目录接口的完全限定名Q、一个remote元素Qbean的远E接口的完全限定名)(j)以及(qing)一个可选的ejb-link元素Q当前bean链接的另一个bean的名Uͼ(j)l成?br /> (tng)ejb-local-ref
ejb-local-ref元素声明一个EJB的本C目录的引用。除?jin)用local-home代替home外,此元素具有与ejb-ref元素相同的属性ƈ以相同的方式使用?/p>
package test.net;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.ServerSocket;
import java.net.Socket;
public class socketServer {
(tng)public static void main(String args[]){
(tng) (tng)try{
(tng) (tng) (tng)ServerSocket server = new ServerSocket(2000);
(tng) (tng) (tng)Socket client = server.accept(); (tng)//服务器侦听端口ƈ接受到此套接字的q接
(tng) (tng) (tng)BufferedReader in = new BufferedReader(new InputStreamReader(client.getInputStream())); (tng)//接收客户端传递的数据?hu)?br /> (tng) (tng) (tng)PrintWriter out=new PrintWriter(client.getOutputStream()); (tng) //服务器的q回?br /> (tng) (tng) (tng)while(true){
(tng) (tng) (tng) (tng)String str = in.readLine();
(tng) (tng) (tng) (tng)System.out.println("Client: "+str);
(tng) (tng) (tng) (tng)
(tng) (tng) (tng) (tng)out.println("... received!");
(tng) (tng) (tng) (tng)out.flush();
(tng) (tng) (tng) (tng)if (str.equals("end")){
(tng) (tng) (tng) (tng) (tng)break;
(tng) (tng) (tng) (tng)}
(tng) (tng) (tng)}
(tng) (tng) (tng)client.close();
(tng) (tng)}catch(IOException e){
(tng) (tng) (tng)e.printStackTrace();
(tng) (tng)}
(tng) (tng)
(tng)}
}
package com;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.net.UnknownHostException;
public class clientSocket {
(tng)public static void main(String[] args){
(tng) (tng)try{
(tng) (tng) (tng)Socket server = new Socket("10.40.2.7",2000);
(tng) (tng) (tng)BufferedReader in = new BufferedReader(new InputStreamReader(server.getInputStream())); (tng) (tng)//接收服务器信?br /> (tng) (tng) (tng)PrintWriter out = new PrintWriter(server.getOutputStream()); (tng)//向服务器发送信?br /> (tng) (tng) (tng)
(tng) (tng) (tng)BufferedReader wt = new BufferedReader(new InputStreamReader(System.in)); (tng)//接收键盘输入信息
(tng) (tng) (tng)while(true){
(tng) (tng) (tng) (tng)String outStr = wt.readLine();
(tng) (tng) (tng) (tng)out.println(outStr);
(tng) (tng) (tng) (tng)out.flush();
(tng) (tng) (tng) (tng)
(tng) (tng) (tng) (tng)if (outStr.equals("end")){
(tng) (tng) (tng) (tng) (tng)break;
(tng) (tng) (tng) (tng)}
(tng) (tng) (tng) (tng)System.out.println(in.readLine());
(tng) (tng) (tng)}
(tng) (tng) (tng)
(tng) (tng) (tng)server.close();
(tng) (tng)}catch(UnknownHostException e){
(tng) (tng) (tng)
(tng) (tng)}catch(IOException e){
(tng) (tng) (tng)
(tng) (tng)}
(tng)}
}
~~end.
其中服务器和客户端数据是通过socket对象q行传递的,socket.getInputStream()得到客户?相对而言:E序本机是服务?别h是客户?传递过来的数据输入?server.getOutputStream()是即返回的数据输出? (tng) ?E序的测试需要同时启动客L(fng)和服务器端程?如果在一台机器上同样可以做这L(fng)试,在eclipse的console中display selected console的选项可以在服务器端程序控制台和客L(fng)E序控制台间q行切换.
]]>
试验的最l目的是q样:
(tng) ......
(tng) (tng) (tng) Context ctx = new InitialContext(); (tng) (tng) (tng)//具体jndi环境讄在jndi.properties中指?br /> (tng) (tng) (tng) (tng)DataSource ds = (DataSource)ctx.lookup("Zqb Oracle Test"); //其中Zqb Oracle Test是我在oracle-ds.xml中指定的JNDI?br /> (tng) (tng) (tng) (tng)
(tng) (tng) (tng) (tng)Connection conn = ds.getConnection();
(tng) (tng) (tng)PreparedStatement ps = conn.prepareStatement("select count(1) from css_emp_info");
(tng) (tng) (tng)ResultSet rs = ps.executeQuery();
(tng)......
步骤如下:
(tng) (tng) 1,jndi.properties(使用jboss~省的内?不做修改):
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng)java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
(tng) (tng) 2,jboss-4.0.1sp1\docs\examples\jca下的oracle-ds.xml拯到jboss-4.0.1sp1\server\default\deploy?q做相应修改,主要内容如下:
<datasources>
(tng) <local-tx-datasource>
(tng) (tng) (tng) <jndi-name>Zqb Oracle Test</jndi-name>
(tng) (tng) (tng) <use-java-context>false</use-java-context>
(tng) (tng) (tng) <connection-url>jdbc:oracle:thin:@10.25.10.175:1521:pacesdev</connection-url>
(tng) (tng) (tng) <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
(tng) (tng) (tng) <user-name>cesbase</user-name>
(tng) (tng) (tng) <password>voiture6</password>
(tng) (tng) (tng) <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
(tng) (tng) (tng) (tng) (tng) <metadata>
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) <type-mapping>Oracle9i</type-mapping>
(tng) (tng) (tng) (tng) (tng) </metadata>
(tng) </local-tx-datasource>
</datasources>
(tng) (tng) 3,OK,部vwar,搞定!其中U色标注的是后面加上?有了(jin)q句在jndi前可以不用加前缀;否则,需要加前缀java(?lookup("Zqb Oracle Test") ?lookup("java:Zqb Oracle Test")的区?.
补充: 发现在jboss官方|站有关?strong>use-java-contextq个属性的说明 http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfigDataSources (tng),仔细看看!
]]>