aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Head First Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Head First Problem" Watch "Head First Problem" New topic
Author

Head First Problem

Simran Dass
Ranch Hand

Joined: Jan 09, 2010
Posts: 183
This is from Head First Mock Exam -


1. Which statements about HTTP Session are true?

A. Java EE Containers must support HTTP Cookies
B. Java EE Containers must support URL rewriting
C.Java EE Containers must support SSL
D.Java EE Containers must support HTTP sessions, even for clients that do not
support cookies.

THE SERVLET SPEC SAYS -

SRV.7.1 Session Tracking Mechanisms
The following sections describe approaches to tracking a user’s sessions

SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a
client will not accept a cookie, URL rewriting may be used by the server as the basis
for session tracking.
URL rewriting involves adding data, a session ID, to the URL
path that is interpreted by the container to associate the request with a session.
The session ID must be encoded as a path parameter in the URL string. The
name of the parameter must be jsessionid. Here is an example of a URL
containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234


According to the spec - "URL rewriting may be used by the server as the basis
for session tracking." So its not a requirement. Hence Answer B should be false.
THis is also what I understood from the errata for this question.

Am I right ? Please correct me if I have misunderstood anything.


ANOTHER THING -

Is a J2EE container required to support SSL (here I do not mean ssl session tracking,just SSL) at all.Accoording to the spec -

All servlet containers must support HTTP as a protocol for requests and
responses, but additional request/response-based protocols such as HTTPS
(HTTP over SSL) may be supported.


So a j2EE container may or may not support SSL ?
Duc Vo
Ranch Hand

Joined: Nov 20, 2008
Posts: 254
What are the answers in the mock exam?


“Everything should be as simple as it is, but not simpler.” Albert Einstein
Marlo Magpantay
Greenhorn

Joined: Sep 15, 2010
Posts: 15
You could check your concerns at http://oreilly.com/catalog/errata.csp?isbn=9780596516680


SCJP 5, SCWCD 5
Only The Strong Survive!
Simran Dass
Ranch Hand

Joined: Jan 09, 2010
Posts: 183



In my post I have mentioned that I have consulted the errata.
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1696
    
  25

Hi Simran,

According to the spec - "URL rewriting may be used by the server as the basis
for session tracking." So its not a requirement. Hence Answer B should be false.
THis is also what I understood from the errata for this question.

Yes, you are right. The Servlet spec requires two things:
  • Session tracking through HTTP Cookies
  • An alternative session tracking mechanism when Cookies can not be used

  • For the second requirement servlet containers mostly implement URL rewriting, but it is not required.

    Is a J2EE container required to support SSL

    No, but creating a servlet container without the possibility of HTTPS (HTTP over SSL) doesn't make sense. (SSL is just the encryption protocol on top of the TCP layer)

    Regards,
    Frits
    Simran Dass
    Ranch Hand

    Joined: Jan 09, 2010
    Posts: 183

    Thankyou so much Frits . Hey Ankit you do not reply to my queries these days.



    1) In the question :


    Which statements about HTTP Session support are true?

    A. Java EE Containers must support HTTP Cookies
    B. Java EE Containers must support URL rewriting
    C.Java EE Containers must support SSL
    D.Java EE Containers must support HTTP sessions, even for clients that do not
    support cookies.

    The answer given in Kathy Sierra is A,C and D . I could not understand how options C and D are true.


    2) Another thing - if HTTPS is Not a required protocol by J2EE then how come "HTTPS
    Client Authentication (which uses HTTPS) " is REQUIRED because according to the spec
    only "DIGEST Authentication" is optional . Is HTTPS Client Authentication also optional - I
    do not think so .


    Soooo Confusing


    Ankit Garg
    Sheriff

    Joined: Aug 03, 2008
    Posts: 9304
        
      17

    Hey Ankit you do not reply to my queries these days.

    Yes I'm a little busy these days and my internet is also not working properly.

    The questions that you are asking are a little confusing to most of the people. The servlet spec is not very clear on these things. Like for SSL the spec says
    SRV.12.5.4 wrote:Servlet containers that are not J2EE technology compliant are not required to support the HTTPS protocol.

    So if you look at this statement in the opposite way, J2EE complaint containers are required to support HTTPS (HTTP over SSL) which makes option C correct. As far as option D is concerned, the spec clearly says that containers must support session for clients that don't accept cookies
    SRV.7.1.4 wrote:Web containers must be able to support the HTTP session while servicing HTTP requests from clients that do not support the use of cookies.


    SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
    Simran Dass
    Ranch Hand

    Joined: Jan 09, 2010
    Posts: 183

    Hi Ankit. Good to see your reply.

    Nice to know that it is confusing to others also I am not the only one.
    Shobhan Ganta
    Ranch Hand

    Joined: Nov 11, 2010
    Posts: 37
    Hi Simran, I see a lot of questions posted by you..Good to see your posts which are also helping me & others in clarifying things ..Also wondering whether you have any SCWCD 1.5 material, If so please post it here. Thanks in advance
    Simran Dass
    Ranch Hand

    Joined: Jan 09, 2010
    Posts: 183


    Thanks Shobhan.

    I would have loved to share material with others . I read head first , specs ( sometimes) and
    search the net . Tell me the topic you need material on .
    Shobhan Ganta
    Ranch Hand

    Joined: Nov 11, 2010
    Posts: 37
    Hi Simran, I felt custom tags are little tricky when compared to other topics. i love to see some notes on that. my email id is gshobhan@gmail.com..thanks in advance
    Shayak Chattopadhyaya
    Greenhorn

    Joined: Dec 01, 2010
    Posts: 1

    Simran,

    please mail me head first at shayak_c@yahoo.com

    Thanks much!!


    SCJP 5.0
    Nidhi Sar
    Ranch Hand

    Joined: Oct 19, 2009
    Posts: 252

    Simran Dass wrote:

    1. Which statements about HTTP Session are true?

    A. Java EE Containers must support HTTP Cookies
    B. Java EE Containers must support URL rewriting
    C.Java EE Containers must support SSL
    D.Java EE Containers must support HTTP sessions, even for clients that do not
    support cookies.



    So reading the whole thread here, this is what I have understood:

    As per specs, a JEE container:
    Must support HTTP Cookies
    May support URL rewriting
    May support SSL
    Must support HTTP sessions, even for clients that do not support cookies.

    Is that correct?

    Also, how can the last one be a MUST, if the second one is a MAY?

    If not cookies, then URL rewriting is the only way to ensure session tracking (at least in my limited knowledge)
    So how can there be a container that does NOT support URL rewriting and yet, supports HTTP sessions for a non-cookie-supporting client?

    Hope my questions make sense


    "A problem well stated is a problem half solved.” - Charles F. Kettering
    SCJP 6, OCPJWCD
    Frits Walraven
    Creator of Enthuware JWS+ V6
    Bartender

    Joined: Apr 07, 2010
    Posts: 1696
        
      25

    As per specs, a JEE container:
    Must support HTTP Cookies
    May support URL rewriting
    May support SSL
    Must support HTTP sessions, even for clients that do not support cookies.

    Is that correct?

    Yes, where the SSL MAY could as well be a MUST, see the explanation by Ankit

    Also, how can the last one be a MUST, if the second one is a MAY?

    URL rewriting is mostly used to fulfill the requirement of HTTP sessions for clients that do not support Cookies, but there is room for another implementation (like SSL sessions)
    If not cookies, then URL rewriting is the only way to ensure session tracking (at least in my limited knowledge)
    So how can there be a container that does NOT support URL rewriting and yet, supports HTTP sessions for a non-cookie-supporting client?

    When you develop your own (open source) container, you can think of an (even better) protocol then all the known solutions so far

    Regards,
    Frits
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Head First Problem