All Server Side Questions & Answers.docx

moodusroundoΛογισμικό & κατασκευή λογ/κού

15 Αυγ 2012 (πριν από 5 χρόνια και 4 μήνες)

272 εμφανίσεις

Server Side Sample Questions & Answers

(Thanks to Mark for the first half and Rich for the second)

1.

JavaScript is commonly used to validate forms. JavaScript is a client side language.
What problems are associated
with using client side programs
?


Do these

problems
mean that you can never use client side languages?



Client side programs may be abused by its users, the clients. Using client side
programs opens up the risk of client exploits and viruses. Client side
programs may be modified by a malicious
user

to carry out unforeseen and
unwanted function
s
.



However many risks a web developer may be facing by using client side
programs, these risks can usually be mitigated, for example the <noscript>
notation may be used for increased security. Overall, it is up

to the web
developer to close up certain

security leaks when using

client side programs.


2.

What security implications are associated with using Java Servlets

&

JSP? How can
you mitigate the problem?



When a web

server starts a servlet, a
unique Servlet
Object is created. This
servlet object has all the security clearance of a normal application, so it can
communicate with other computers, access databases, start programs
written in other languages etc.



Because

of this security flaw, servlets are very unp
opular with system
administrators.



In orde
r to mitigate this problem,
servlets need to be written with security in
mind. E.g. Filter SQL queries, or move all our SQL stuff to out servlet code and
just call the required functions from the JSP page.



Note: a

Java server should be on a free standing server.


3.

Explain what a Java Bean is. Outline their potential for making programming easier
and cheaper



A JavaBean is a Java class that’s written

to a particular standard, which can be
used to autom
aticall
y
populate an

o
bjec
t. JavaBeans make use of getter and
setter

methods
to obtain and alter variable
s data
.



When using a JavaBean, form in
put must always be validated
. This can be
either done by JSP code or a Javascript function.



A JavaBean contains reusable s
oftware components for jav
a, so it makes
programming
les
s time consuming (easier) and
more cost effective (cheaper)
.


4.

How can a Java Bean b
e used in processing forms
?



The form element names can be sent to a JavaBean for processing by means
of a setter
method. E.g. <%dataObject.setName(“username”);%>



Then depending what happens in the JavaBean, we can get a result from that
java class using a get request in our JSP E.g. <% dataObject.getName();%>



Also, JavaBeans ha
ve to have their forms validated

for
val
id info. This can be
done
either

by

JSP code or
JavaScript

functions.




5.

A destructor is a method which is executed when an object is being disposed of.
Why are destructors n
ot widely used in Java programs?



The reason is that all java objects are heap
allo
cated and because java is a
garbage collection language

and it’s not possible to predict when an object
will be destroyed. Hence, there is no equivalent destructor
.


6.

In the context of a Java Servlet what is the purpose of the following methods:

a.

doGet



C
alled if browser submitted a ‘get information’ request to the web
server (e.g. the user typed in a URL)

b.

doPost



C
alled if the browser submitted data to the web server, for example
sent it the results of a HTML form.

c.

init



It’s typically
used to initialise a
servlet and

takes in a parameter of
type ServletConfig
.


7.

What is the purpose of a WAR file?



A WAR (Web Application Archive) is a JAR file used to distribute a collection
of JSPs, java servlets, java classes that together constitute a web application
.


8.

In
what ways does an IDE assist the programming process?



An IDE can help in many ways:



It
auto generates

code that normally would take a while to type. (E.g. I
create a JSP page in the IDE and lots of the code comes pre
-
generated)



It can run/ compile most pro
gramming languages



It’s possible to setup and run a server at the click of a button
(preconfigured server setups)



Give’s autocomplete code hints



Automatically checks code for errors and gives
auto fix

solutions



Have nice project interfaces where all projec
t files are in the one
location (on the left hand side in NetBeans)



Can automatically

import libraries and packages.


9.







10.




(A
sked twice)



A servlet can return any kind of data to the browser (or whatever else made
the request). The data is wrapped in a
ServletResponse object, usually a
HttpServletResponse. The response contains both the actual data and also
meta data in the form of response headers.



The response headers typically hint to the browser what type of data the
response is, whether it is text,
html, XML, etc. This is given by the response
header called Content
-
Type.

11.






The doGet method
within the servlet class

is called
. The data within the
doGet is then sent back to the browser.


12.






13.





A session object will usually stay in memory for a short period of time after it
is generated.
However
when the browser closes,

a
fter a

set period of time,
Java garbage collection will remove the object.


14.




(
Asked

twice)



The session
object
is created
using the command HttpSession session =
request.getSession(true);



Adding true to the method will check if a session is already active, and if not,
create a new one.



Once the session object is stored methods can then be called on it to get
data stored
within the user’s session. For example, customers ID.



15.





Only one copy of the servlet gets created because creating a new servlet
object on every visit can be resource consuming and c
an also increase page
load time due to the servlet being instantiated.



The JSP administrator can

use

dynamic checking

so, w
hen a new servlet class
is uploaded, it will be automatically instantiated and the old servlet object
will be destroyed.

16.



(A
sked twice)



For each new connection to the site a new session object is
created, in the
case of an email application the users ID, encrypted password and other
attributes, would be stored in the session. When they load a page the
session will be used to uniquely identify each user and return only the emails
or data specific to

them.


17.





A Java Bean is a Java class that’s written in a particular way.



One aspect of a Java Bean is that it uses the words ‘get’ & ‘set’, which
are always followed by the name of a variable, which has the first
letter capitalised, to both obtain and
alter the value of the specific
variable.

18.




19.





A JSP page

is basically a web page with traditional HTML and bits of Java
code. When a JSP page is called it will be compiled (by a JSP engine) into a
Java servlet.



Java Server Pages should be used when
there is more HTML data tha
n Java
that needs to be output

to the page. JSPs make data output easier.



Java Servlets should be used when there is more Java
code than HTML that
needs to be output to the page
, for example when you need to do more
computations
of data than outputting HTML.


20.





This rule only applies when dynamic server loading is not turned on, on the
server. Only one instance is created to reduce load times and resource
consumption as the object is stored in memory and referenced from memory
every time it is required.



The object is created
when
a page is called for the first time, after the class
has been deployed to the server. It will remain alive until either a newer class
is uploaded (if dynamic loading is enabled) or when the server is sh
ut
down/crashes.

21.





doGet



Called if browser submitted a ‘get information’ request to the web
server (e.g. the user typed in a URL)



doPost



Called if the browser submitted data to the web server, for example
sent it the results of a HTML form.



Note: Both doGet and doPost should be in the green circle!


22.






23.







24.





Extracted values from a session are returned as
an object reference but with
no type defined. They are returned as a generic Java object and must be cast
into the type

they

were before.



Int number = 1

session.
setAttribute( “number”, new Inte
ger(number) );