1.jsp of nine implicit objects
Response (Page): Response javax.servlet.http.HttpServletResponse object is an instance of an object. Like server creates a request objects, it creates an object to represent the response to the client. response object also defines a process to create a new HTTP header interface. By this object, JSP Programmers can add new Cookie or date stamp, HTTP status codes.
Request (Request): Request javax.servlet.http.HttpServletRequest object is an instance of an object. Whenever a client requests a page, JSP engine will create a new object to represent the request. The request object provides a method of obtaining information comprises form data, Cookie, HTTP methods HTTP header.
OUT (Page): OUT Implicit javax.servlet.jsp.JspWriter object is an instance of an object, for transmitting the content in the response. JspWriter initialize the object based on whether the page is cached differently instantiated. The buffer can be disabled by using the page directive buffered = 'false' attribute. JspWriter object contains the same class most java.io.PrintWriter method. However, JspWriter there are some additional ways to deal with buffering. PrintWriter object with different, JspWriter IOExceptions will throw an exception.
the session (the session): the session object is an instance of javax.servlet.http.HttpSession it behaves integrally with the session object Java Servlet identical behavior. session object for tracking client session between the client requests.
aplication (aplication): file application objects are packaged directly generated Servlet ServletContext object is actually an instance of javax.servlet.ServletContext object, the object is a file application JSP page showing its entire life cycle. When the JSP page is initialized, will create this object and application objects will also be deleted when the JSP page is deleted jspDestroy () method by adding attributes value to the application object, you can ensure that all JSP files that make up the Web application can access it.
config (Page): config javax.servlet.ServletConfig objects are instantiated, is directly generated around the package ServletConfig object servlet.
the pageContext (Page): the pageContext javax.servlet.jsp.PageContext object is an instance of an object. pageContext object is used to represent the entire JSP page
Page (Page): Page objects are actually a reference to the page instance. It can be considered an object that represents the entire JSP page, page object is a direct synonym for this object.
Exception (Page): Exception contains a previous object is a wrapper thrown exception. It is typically used to generate an appropriate response to error conditions
Scope belongs in brackets
2. Four domain objects and their scope
Four JavaWeb scope of: page, request, session, application
Page : entire scope JSP page, is the smallest one of the four scope; life cycle begins when a request for a JSP, when the end response destruction. Reference is usually stored on the page object in the object pageContext.
Request : Request scope is valid in the current; life cycle is created by the server before the service method calls, incoming service method. The end of the entire request, the end of the request life. Information sharing between the two methods by Servlet HttpServletRequest interfaces implemented.
setAttribute (String name, Object value) : The name for the object's value in order to save the name to request scope.
ObjectgetAttribute (String name): Specifies the name to obtain information from the request scope.
session: the role of the range is a single session. Life cycle at the time of the first call request.getSession () method, the server checks whether there is a corresponding session, if a session is not created in memory and returns. When the period of time session is not used (default is 30 minutes), the server will destroy the session. If the server is shut down abnormally (forced to close), not expired session will follow the destruction. If you call invalidate session provided (), you can immediately destroy the session. through session, the method which provides the main interface HttpSession follows:
ObjectHttpSession.getAttribute (String name): to obtain information from the session.
voidHttpSession.setAttribute (String name, Object value) : saving information to the session.
HttpSessionHttpServletRequest.getSession (): Gets the session object for the current request is located.
application: the role of the entire range of Web applications. Created when a Web application is loaded into containers on behalf of the entire web application ServletContext object when Web application server is down or is removed, along with the destruction of ServletContext object. application scope is the server starts to shut down the entire time, information provided in this scope can be used by all applications. transmission of information by the application scope, which provides the main ServletContext method to achieve the following:
ObjectgetAttribute (String name): obtain information from the application.
void setAttribute (String name, Object value ): setting information to the application scope.
Scope small to much: page (jsp page), request (a request), session (a session), application (the entire web application).
3.servlet life cycle
(1) Examples of the class loading procedure and
When the Servlet container promoter or client sends a request, it will find whether the Servlet container Servlet example stored in memory, if present, directly read the response request instance; if not, create a Servlet examples.
(2) init () initialization process
After instantiation, Servlet container calls the init Servlet () method to initialize (some preparatory work or resources preloaded work).
(3) service () service process, select doget / dopost
After initialization, Servlet can be in a ready state in response to the request. Upon receiving the client request, call service () method of handling client requests, the HttpServlet's service () method will transpose doXxx different depending on the request () method, doget / dopost method, data can be transmitted specified page.
(4) destroy () process of destruction
when the container is closed Servlet, Servlet examples destroyed at any time. Meanwhile, Servlet Servlet container calls the destroy () method to determine whether the Servlet should be released (or resource recovery)
And works 4.cookie session, the links and differences
(1) cookie works
1. Create a Cookie
When you first visit a Web site using the Cookie, the website server will work as follows:
① The user generates a unique identifier (Cookie id), create a Cookie object;
② default it is a conversation level of cookie, stored in the browser's memory, be deleted after the user exits the browser. If you want the browser to the site Cookie is stored on disk, you need to set the maximum age (maxAge), and gives a time in seconds (the maximum age is set to 0 is the command to delete the browser Cookie);
③ Cookie placed into the HTTP response headers, Cookie will be inserted into a Set-Cookie HTTP request header.
④ sends the HTTP response message.
2, provided storage Cookie
After the browser receives the response packet, according to the special indication message in advance of the Set-Cookied, to form the corresponding cookies, stored in the client. The Cookie information which records the current user.
3, send Cookie
When users visit the site again, the browser first checks all stored Cookies, if there is a Cookie of the site (ie, the Cookie scope is greater than the stated resources will be equal to the request), put the cookie attached to the request resource HTTP head request is sent to the server.
4, read the Cookie
After the server receives the user's HTTP request acquired from the header to the user's cookies, find what they need from the inside.
Note: Cookie does not mean the browser remember the account password function, nor does it mean that you will be able to enter an account because of the presence of Cookie can automatically fill in password. Cookie is similar to Taobao's login, when you log on Taobao, whether you turn off the page even shut down, or as long as this computer, when you open when you are logged Taobao again, this is the Cookie feature. Cookie acquired by the server acquiring request.getCookies, all acquired Cookie, the Cookie stored request.addCookie with header and the response to the client.
(2) session works
1. Create Session
When the server receives the request for the first time, a space opens up a Session (Session object is created), while generating a Session ID, and the response by the Set-Cookie header: "JSESSIONID = XXXXXXX" command is sent to the client requirements set cookie response; the client receives the response, the native client sets a cookie information JSESSIONID = XXXXXXX, the expiration time of the cookie is the end of the browser session; the next each time the client sends a request to the same Web site, It will bring the cookie request header information (including the Session id); then, the server reads the header information cookie request to obtain the value of the name JSESSIONID obtain the Session id request;
2, Session
If you disable the cookie, you can use URL rewriting is to be appended directly sessionid url url path as additional information or query information
Another is hidden form fields. That is, the server will automatically modify the form, add a hidden field, in order to be able to Session id is passed back to the server when the form is submitted.
The difference between (3) cookie and the session
1, different from the storage position
Cookie stored in the client, Session stored in the server.
2, different access mode
Cookie can only ASCII string storage, access demand if Unicode character or binary data needs to be encoded. Cookie also can not directly access Java objects. To store a little complex information, using the Cookie is a tough match.
A Session is capable of access to any type of data, including, without limitation, String, Integer, List, Map like. Session also be able to direct custody Java Bean or even any Java classes, objects, etc., it is very easy to use. The Session can be seen as a Java container class.
3, security (privacy policy) different
4, on the validity of the different
5, the pressure difference caused by the server
6, different on cross-domain support
5.get submitted difference and post submission
(1) get the data is acquired from the server, post data is transmitted to the server.
URL (2) get the parameter is added to data queue to submit the form referred to in the ACTION attribute, and the value of the respective fields correspond form, it can be seen in the URL. post through HTTP post mechanism to various fields with its contents is placed in a form HTML HEADER URL address transmitted with the ACTION attribute refers. Users do not see this process.
(3) to get embodiment, a server Request.QueryString variable value acquisition for post embodiment, the server acquires data submitted by Request.Form.
The amount of data (4) get transferred is small, not greater than 2KB. post large amount of data transmission, typically default to unlimited. But in theory, IIS4 the maximum amount of 80KB, IIS5 for 100KB
(5) GET security is very low, post high security.
HTTP defines different ways to interact with the server, the most basic method is GET and POST. In fact GET for most requests, but POST is reserved for the update site. According to the HTTP specification, GET for information retrieval and should be safe and idempotent. The so-called security means that the operation used to obtain information rather than modify the information. In other words, GET requests should generally be free of side effects. Power and other means of multiple requests for the same URL should return the same result. Complete definition is not as strict as it seems. Fundamentally, the goal is that when a user opens a link, she can be sure that from their own point of view does not change the resource. For example, the front page of a news site constantly updated. Although the second request will return a different batch of news, this operation is still considered safe and idempotent, because it always returns the current news. vice versa. POST request is not so easy. POST requests that may modify resources on the server. Still news site, for example, readers of the article notes should be achieved through a POST request, because after the site has been different notes submitted
at the time of submission of FORM, if not specified Method, it defaults to the GET request, Form submitted data will be appended to the url, to? url separate and apart. It is transmitted as alphanumeric characters, but the space is converted to a "+", and other symbols are converted to% XX, where XX is the symbol for the hexadecimal representation of the ASCII (or ISO Latin-1) value. Submit a GET request of the HTTP request data is placed in the protocol header, the data in the submitted POST data entity; GET submission of data can have up to 1024 bytes, while POST is not so limited.
6, and forwards the request to request the redirect difference
Forward: a request, a response (server)
redirection: two requests, the two response (server)
Example: Assume a request to borrow money, A client (browser), B, C for the server
forwards the request: A borrow money to find B (A initiate a request), B said he had no money but a good man, went to a C told him to borrow money (here or request of a), C accepts a's request and then borrow money
to a (a to C response), it is a request, a response.
Redirect: A B looking to borrow money (A to initiate a request), B said he had no money but a good man, and told him to tell him that A C C can find a rich man to borrow money (B to A a response),
A and B views the listening went borrow C (a initiates a request ED C), C accepts the request and then lend a a (a to C response), the two response request twice.
Relevant content 7.HTTP agreement
Http is an application layer protocol consists of request and response, is a standard client-server model,
Often contain HTTP over TCP protocol, there is above (TLS / SSL) secure transport protocol is the default port 80, the default https port 443
HTTP is always initiated by the client request, the server response. Limit message to the client fails to respond in case the client does not send the request
HTTP operation is called a primary transaction, the working process is divided into four steps
1. The first is to establish a connection the client and server, only need to click a hyperlink http work began
2. After establishing a connection, the client initiates a request to the server
3. The server receives the request later, give the appropriate response information
4. the client receives the server returns the information displayed by the browser, then the client and server is disconnected
after the HTTP is a stateless protocol (stateless protocol processing means without memory for the transaction, if the lack of state means continues to process the information required on the front, it must be retransmitted, which leads to an increase in the amount of data transmission, on the other hand, when the server does not need previous information, it is relatively fast response)
To understand HTTP There are several elements to understand, and four three-way handshake waved, as well as to understand the structure of request headers and response headers and so on.
8. How to prevent duplicate form submission
the reason:
1, due to user error, multiple clicks a form submit button.
2, due to the speed and other causes page Caton, the user repeatedly refresh the page to submit.
3, a hacker or malicious user to use tools such as postman repeated malicious submit the form (attack sites).
solve:
1, JS prohibit the submit button: disable the submit button after the form is submitted, but if the client js disabled out if this method is invalid
2, using the POST / Redirect / GET mode execution redirect page after submitting the form, turn to submit successful information page
3, stored in a special session in the sign generates a unique identifier on the server side, and put him into session, and the session is written at the same time it shows relatively equal hidden field when the form is first submitted for the first time submit and then remove the session, the next commit less equal than it shows for the first time to submit
4, using the header function steering, so even if the user does not use the refresh button to re-submit the form
5, add a unique constraint or create a unique index in the database, prevent data duplication, which is the most effective way to prevent duplicate data submitted
6, cookie recorded using state of the form, based on its status can be checked whether the form is submitted this way if the client is disabled cookie swap would not have come into force
9.js and JQ common function selector and
JS: Fun (the this)
JQ: $ (the this)
2. Get the parent label
JS: document.getElementById ( "***") parentNode.
JQ: $ ( "***") parent ().
3. obtaining sub-label
JS: document.getElementById ( "***") the childNodes.
JQ: $ ( "***") Children ().
4. obtaining a label
JS: document.getElementById ( "Test") previouselementsibling.
JQ: $ ( "#test") PREV ().
5. the next tag Gets
JS: document.getElementById ( "Test") the nextSibling.
JQ: $ ( "# Test") next ().
js also be formed by the getElementsByName (), the getElementsByTagName (), getElementsByClassName (), querySelector (), querySelectorAll ()
A: the getElementById (ID): Returns the specified object ID is a reference, if the search for a specific document, elements, the most effective way is to getElementById ()
B: getElementsByName (name): returns the document name attribute is the name value of the element, because the name attribute value is not unique, the query to the results likely return is an array, and not an element.
C: getElementsByTagName (tagname): Returns the tag of the element specified in the document
D: getElementsByClassName (): returns the class name in the document from the specified element
E: querySelector (): returns the first matching element of the document specifies css selector
F: querySelectorAll (): returns the first matching element of the document specifies css selector
jq more convenient, $ ( "") and the selector wording like css selector
Reference: https: //www.cnblogs.com/codingcc1/p/11073083.html
10. How to prevent the garbage problem
1) If the submission is a post, does not want garbled, only you need to set the encoding can request objects.
Request.setCharacterEncoding ( "UTF-. 8");
response.setCharacterEncoding ( "GB2312"); Now when the notification server sends a data code table //
response.setContentType ( "text / html; charset = gb2312"); // notify the browser in what stopwatch is open
Note: the client data is submitted which way, request should be set to what encoding.
2) If the submission is get, set the encoding of the request object is invalid, does not want garbled, only manual conversion.
String data = "???????"; // string distortion
byte source [] = data.getBytes ( " iso8859-1"); // get the original data submitted by the client
data = new String (data. getBytes ( "iso8859-1"), " UTF-8"); // solve the garbage
//Equivalent to
data = new String (source,"UTF-8");
3) garbled .get the way, can also be achieved by changing the way the server configuration. Change the server.xml file in the conf directory of Tomact.