Server-Sent Events (SSE) is part of HTML5. SSE is a simple, undirectional communication from server to browser. It allows server to push data to client once a connection is established. The entire point of SSE is to make it easy for the server to push messages to the browser, once the browser has first established a connection to the server. These messages are of the form "field: value" with...
on May 21, 2014
javax.servlet.http.HttpSession provides a way to identify an user across multiple HTTP requests and to store user specified information. In other words, it provides a support of stateful communications with the stateless HTTP protocol.
For security and memory management, sessions need to be invalidated at a certain time. There are two related methods in HttpSession.
on Aug 29, 2013
JSR 356: Java API for WebSocket provides a standard Java API for creating WebSocket Applications. The specification provides an API for...
on Aug 7, 2013
Expression Language (EL) was first introduced as part of JSTL 1.0, was then moved JSP 2.0 and was unified with JSF 1.2 in JSP 2.1. In Java EE 7, EL is a new separate JSR, JSR 341. Many new features are introduced in EL 3.0.
This blog shows how to use new following new features of EL 3.0:
Lambda expression (section 1.20 of EL 3.0 spec)
The new operator ; to separate...
on Jul 1, 2013
Asynchronous operation was introduced in Servlet 3.0. ServletRequest#startAsync is used to put the request into asynchronous mode. A thread need to be created implicitly or explicitly (see here for an example).
Servlet 3.1, JSR 340 includes clarifications in asynchronous area. Besides Servlet 3,1, Concurreny Utilities for Java EE 1.0, JSR 236 is introduced in Java EE 7. JSR 236 provides a...
on Jun 6, 2013
Update: In Servlet 3.0, the behavior of using response is undefined after invoking #complete or #dispatch. In Servlet 3.1, it is clarified that AsyncContext#getResponse will throw IllegalStateException. The blog has been updated for this.
Asynchronous operation is supported in Servlet 3.0. I have discussed startAsync in my previous blog, startAsync in Servlet 3.0. In this blog, I will discuss...
on May 14, 2013
Update: Invoke WebConnection#close when there is an error.
Servlet 3.1 Specification (JSR 340) is almost ready for the release. One of the new features is the support for protocol upgrade.
HTTP protocol upgrade was introduced in HTTP 1.1 (RFC 2616):
The Upgrade general-header allows the client to specify what additional communication protocols it supports and would like to use if the server...
on May 7, 2013
Prior to Servlet 3.0, a servlet may need to wait for a long operation to complete and can cause thread starvation in web container. In Servlet 3.0, asynchronous processing is introduced to handle this situation.
There is a lot of information about asynchronous processing in Servlet 3.0. In this blog, we will take a look at two aspects of startAsync.
When will javax.servlet.AsyncListener#...
on Sep 8, 2011
Servlet 3.1 Specification (JSR 340) and Java Authorization Contract for Containers (JSR 115) MR3 are almost ready for release. Besides "*", the role-name "**" is introduced in the above two specifications.
In a nutshell, "*" means any role defined in web.xml and "**" means any authenticated user.
Prior to Servlet 3.1, web containers use proprietary mechanisms to add security-constraints for any...
on Apr 19, 2013
Servlet 3.1 Specification (JSR 340) is almost ready for the release. Several new security features have been added in this version of Servlet specification.
In this blog, I will explain one of the security features, namely deny-uncovered-http-methods.
Let us take a look at a simple security-constraint in web.xml as follows:
<web-app xmlns="http://www.w3.org/2001/XMLSchema" ...
on Apr 19, 2013
Servlet 3.1 was in Public Review in Janurary 2013. And it is in Proposed Final Draft now. Most of the new features are related to security.
In this following, I will highlight features since Servlet 3.1 Public Review:
add new API javax.servlet.http.Part#getSubmittedFileName
add new API javax.servlet.ServletContext#getVirtualServerNameThis API allows a JASPIC module to be registered in a Servlet...
on Mar 18, 2013
Update: One should not use response in AsyncListener#onComplete. Only print debug in this example.
Servlet 3.1 (JSR 340) is almost ready for the release. One of the new features is the support for non-blocking IO. ReadListener and WriteListener are introduced to allow non-blocking processing in Servlet.
Non-blocking IO can only be used in async (defined in Servlet 3.0) or the upgrade mode. We can...
on Apr 16, 2013