Servlet 2.3 Specification

The servlet 2.3 specification is a complete and clear explanation of the functions that make up the servlet technology. This is the bible for both developers of servlet containers such as WebLogic Server, and experienced web application developers who want to know the underlying implementation that makes up the servlet technology.

The specifications explain the following key components that form the core of the servlet implementation:

• Servlet container— Also referred to as the servlet engine. The servlet container enables request-response services, including decoding and encoding, to the corresponding formats and also manages the servlets configured through its life cycle.

• Servlet interface— The core interface of the Servlet API from which all other servlet types are derived, such as GenericServlet and HttpServlet.

• Servlet context interface— Web application environment attributes can be obtained through this interface.

• Request object— Encapsulates the user input.

• Response object— Encapsulates the server output back to the client.

• Filtering— Header and content modifier in both the request into and response from a resource. Common usage of filters includes logging, auditing, authentication, data conversion, and so on.

• Application event listener support— This feature enables better state management using HttpSession and ServletContext objects and also efficiently manages the application interactions with these objects.

• Sessions— Defines state management and implementation approaches for managing user sessions such as cookies and URL rewriting.

• RequestDispatcher— Helps forward requests to other servlets or include other servlets' output as part of the response.

• Web application— We went through the concept of Web applications in great detail in Chapters 6, "Introduction to WebLogic Web Applications," and 7, "Deploying Web Applications."

• Deployment descriptor— This depicts the Web application's configuration parameters that define the behavior of the application. It's also the contract between the different teams of the project, such as development, configuration, deployment, and so on.

• Web application security requirements and implementation— Security concepts are of the following types: Declarative security includes parameters such as roles and access control lists, which is external to the application and defined in configuration files. Programmatic security is defined in the application itself using specific methods defined in the servlet APIs, such as getRemoteUser(), getRemotePrincipal(), and so forth.

Finally, the specification describes the two core packages, javax.servlet and javax.servlet.http, that make the servlet implementation and HTTP servlet implementation, respectively. The core interface of the servlet API, Servlet is part of the javax.servlet package. Among other functions, this interface defines the service method for handling the client requests. The javax.servlet.http package contains, among other classes, HttpServlet, which implements the Servlet interface and provides the infrastructure for the Web application clients using HTTP protocol for request-response.

All changes made to the specifications based on the review of the earlier version (Servlet specification v2.2) are documented in the latest version of the specification. For complete reference of the specification, refer to the following Web site: http://java.sun.com/j2ee/.